movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-09 19:13:26 +03:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'NixOS:master' into vim_o_exrc_support

Browse source
This commit is contained in:
Birdee 2025-05-22 04:05:35 -07:00 committed by GitHub
commit f81e8e68e5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
12978 changed files with 385489 additions and 320486 deletions
Download patch file Download diff file Expand all files Collapse all files

11
.devcontainer/devcontainer.json
View file

@ -5,17 +5,24 @@
"ghcr.io/devcontainers/features/nix:1": {
// fails in the devcontainer sandbox, enable sandbox via config instead
"multiUser": false,
"packages": "nixd,nixfmt-unstable",
"packages": "nixpkgs.nixd,nixpkgs.nixfmt-rfc-style",
"useAttributePath": true,
"extraNixConfig": "experimental-features = nix-command flakes,sandbox = true"
}
},
// Fixup permissions inside container.
// https://github.com/NixOS/nix/issues/6680#issuecomment-1230902525
"postCreateCommand": "sudo apt-get install -y acl",
"postStartCommand": "sudo setfacl -k /tmp; if [ -e /dev/kvm ]; then sudo chgrp $(id -g) /dev/kvm; fi",
"customizations": {
"vscode": {
"extensions": [
"jnoortheen.nix-ide"
],
"settings": {
"nix.formatterPath": "nixfmt-rfc-style",
"[nix]": {
"editor.formatOnSave": true
},
"nix.enableLanguageServer": true,
"nix.serverPath": "nixd"
}

56
.editorconfig
View file

@ -35,8 +35,12 @@ indent_size = 1
[*.{json,lock,md,nix,rb}]
indent_size = 2
# Match perl/python/shell scripts, set indent width of four
[*.{bash,pl,pm,py,sh}]
# Match all the Bash code in Nix files, set indent width of two
[*.{bash,sh}]
indent_size = 2
# Match Perl and Python scripts, set indent width of four
[*.{pl,pm,py}]
indent_size = 4
# Match gemfiles, set indent to spaces with width of two
@ -44,9 +48,10 @@ indent_size = 4
indent_size = 2
indent_style = space
# Match package.json, which are generally pulled from upstream and accept them as they are
[package.json]
# Match package.json and package-lock.json, which are generally pulled from upstream and accept them as they are
[package{,-lock}.json]
indent_style = unset
insert_final_newline = unset
# Disable file types or individual files
# some of these files may be auto-generated and/or require significant changes
@ -81,47 +86,10 @@ charset = unset
[eggs.nix]
trim_trailing_whitespace = unset
[nixos/modules/services/networking/ircd-hybrid/*.{conf,in}]
trim_trailing_whitespace = unset
[pkgs/build-support/dotnetenv/Wrapper/**]
end_of_line = unset
indent_style = unset
insert_final_newline = unset
trim_trailing_whitespace = unset
[registry.dat]
end_of_line = unset
insert_final_newline = unset
[pkgs/development/haskell-modules/hackage-packages.nix]
indent_style = unset
trim_trailing_whitespace = unset
[pkgs/misc/documentation-highlighter/**]
insert_final_newline = unset
[pkgs/servers/dict/wordnet_structures.py]
trim_trailing_whitespace = unset
[pkgs/tools/misc/timidity/timidity.cfg]
trim_trailing_whitespace = unset
[pkgs/tools/security/qdigidoc/vendor/*]
end_of_line = unset
insert_final_newline = unset
trim_trailing_whitespace = unset
[pkgs/tools/virtualization/ovftool/*.ova]
end_of_line = unset
insert_final_newline = unset
trim_trailing_whitespace = unset
charset = unset
[lib/tests/*.plist]
indent_style = tab
insert_final_newline = unset
[pkgs/kde/generated/**]
insert_final_newline = unset
end_of_line = unset
# Keep this hint at the bottom:
# Please don't add entries for subfolders here.
# Create <subfolder>/.editorconfig instead.

15
.git-blame-ignore-revs
View file

@ -251,3 +251,18 @@ fd14c067813572afc03ddbf7cdedc3eab5a59954
# treewide format of all Nix files
374e6bcc403e02a35e07b650463c01a52b13a7c8 # !autorebase nix-shell --run treefmt
# nix: nixfmt-rfc-style
a4f7e161b380b35b2f7bc432659a95fd71254ad8
0812c9a321003c924868051d2b2e1934e8880f3f
34f269c14ac18d89ddee9a8f54b1ca92a85bbcc6
062c34cdace499aa44f0fa6ca6f2ca71769f6c43
# haskellPackages.hercules-ci-agent (cabal2nix -> nixfmt-rfc-style)
9314da7ee8d2aedfb15193b8c489da51efe52bb5
# nix-builder-vm: nixfmt-rfc-style
a034fb50f79816c6738fb48b48503b09ea3b0132
# treewide: switch instances of lib.teams.*.members to the new meta.teams attribute
05580f4b4433fda48fff30f60dfd303d6ee05d21

2
.github/ISSUE_TEMPLATE/04_build_failure.yml vendored
View file

@ -61,12 +61,14 @@ body:
You can still open a build failure report, but please say '**No, Hydra cannot reproduce this build failure.**' below.
- If there's a <img src="https://raw.githubusercontent.com/NixOS/hydra/refs/heads/master/src/root/static/images/emojione-question-2754.svg" width="20px" align="top" alt="Gray Question Mark"> icon near the package entry, say '**Hydra is currently rebuilding this package.**'
- If there's a <img src="https://raw.githubusercontent.com/NixOS/hydra/refs/heads/master/src/root/static/images/emojione-stopsign-1f6d1.svg" width="20px" align="top" alt="Red Stop Sign"> icon near the package entry, then the build job was stopped manually. If this occurs, please coordinate with the [Infrastructure Team](https://matrix.to/#/#infra:nixos.org), and say '**The last build job was manually cancelled.**'
- If Hydra isn't supposed to build the package at all, say '**Hydra doesnt try to build the package.**'
options:
- "Please select the Hydra Status."
- "Yes, Hydra can reproduce this build failure."
- "No, Hydra cannot reproduce this build failure."
- "Hydra is currently rebuilding this package."
- "The last build job was manually cancelled."
- "Hydra doesnt try to build the package."
default: 0
validations:
required: true

108
.github/ISSUE_TEMPLATE/05_package_request.yml vendored
View file

@ -1,108 +0,0 @@
name: "Request: new package"
description: "Create a package request for software that is not yet included in Nixpkgs."
title: "Package request: PACKAGENAME"
labels: ["0.kind: enhancement", "0.kind: packaging request", "9.needs: package (new)"]
body:
- type: "markdown"
attributes:
value: |
<p align="center">
<a href="https://nixos.org">
<picture>
<source media="(prefers-color-scheme: light)" srcset="https://raw.githubusercontent.com/NixOS/nixos-homepage/main/public/logo/nixos-hires.png">
<source media="(prefers-color-scheme: dark)" srcset="https://raw.githubusercontent.com/NixOS/nixos-artwork/master/logo/nixos-white.png">
<img src="https://raw.githubusercontent.com/NixOS/nixos-homepage/main/public/logo/nixos-hires.png" width="400px" alt="NixOS logo">
</picture>
</a>
</p>
Welcome to Nixpkgs. Please replace the **`Package request: PACKAGENAME`** template above with the correct package name (As seen in the [NixOS Package Search](https://search.nixos.org/packages)).
> [!TIP]
> For instance, if you were filing a request against the missing `hello` package, your title would be as follows:
> `Package request: hello`
---
- type: "textarea"
id: "description"
attributes:
label: "Describe the package"
description: "Please include a clear and concise description of what the package is."
validations:
required: true
- type: "input"
id: "homepage"
attributes:
label: "Upstream homepage"
description: "Please copy and paste a link to the package's homepage."
validations:
required: true
- type: "input"
id: "source"
attributes:
label: "Source URL"
description: "Please copy and paste a link to the package's source code or binary download page."
validations:
required: true
- type: "input"
id: "license"
attributes:
label: "License"
description: "Please indicate the package's license. If the package has no license, or the source code is not public, please indicate the package is `unfree`."
validations:
required: true
- type: "dropdown"
id: "platforms"
attributes:
label: "Platforms"
description: "Please indicate the platforms this package compiles for. `darwin` refers to macOS. `Exotic` refers to uncommon platforms like RISC-V or 32-bit ARM; please mention in the 'Additional Context' section below if this package is supposed to compile for such exotic platforms."
multiple: true
options:
- "x86_64-linux"
- "aarch64-linux"
- "x86_64-darwin"
- "aarch64-darwin"
- "Exotic"
- type: "textarea"
id: "additional-context"
attributes:
label: "Additional context"
description: "Add any other context about the proposed module here."
validations:
required: false
- type: "checkboxes"
id: "sanity-check"
attributes:
label: "I assert that this issue is relevant for Nixpkgs"
options:
- label: "I assert that this package does not yet exist in an [open pull request](https://github.com/NixOS/nixpkgs/pulls?q=is%3Aopen+is%3Apr+label%3A%228.has%3A+package+%28new%29%22) or in [Nixpkgs Unstable](https://search.nixos.org/packages?channel=unstable)."
required: true
- label: "I assert that this is not a [duplicate of any known issue](https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+label%3A%220.kind%3A+packaging+request%22)."
required: true
- label: "I assert that I have read the [NixOS Code of Conduct](https://github.com/NixOS/.github/blob/master/CODE_OF_CONDUCT.md) and agree to abide by it."
required: true
- type: "markdown"
attributes:
value: |
# Thank you for helping improve Nixpkgs!
---
- type: "textarea"
id: "prioritisation"
attributes:
label: "For this package's maintainers:"
description: |
**Please do not modify this text area!**
This template helps Nixpkgs developers know which issues should be prioritised by allowing users to vote with a :+1: reaction and also reminds them to tag this issue in their pull requests.
This is not a guarantee that highly-requested issues will be fixed first, but it helps us to figure out what's important to users. Please react on other users' issues if you find them important.
value: |
Please tag this issue in your pull request description. (i.e. `Resolves #ISSUE`.)
---
Add a :+1: [reaction] to [issues you find important].
[reaction]: https://github.blog/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/
[issues you find important]: https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc

125
.github/ISSUE_TEMPLATE/05_update_request.yml vendored Normal file
View file

@ -0,0 +1,125 @@
name: "Request: package update"
description: "Create an update request for an existing, but outdated package."
title: "Update Request: PACKAGENAME OLDVERSION → NEWVERSION"
labels: ["0.kind: enhancement", "9.needs: package (update)"]
body:
- type: "markdown"
attributes:
value: |
<p align="center">
<a href="https://nixos.org">
<picture>
<source media="(prefers-color-scheme: light)" srcset="https://raw.githubusercontent.com/NixOS/nixos-homepage/main/public/logo/nixos-hires.png">
<source media="(prefers-color-scheme: dark)" srcset="https://raw.githubusercontent.com/NixOS/nixos-artwork/master/logo/nixos-white.png">
<img src="https://raw.githubusercontent.com/NixOS/nixos-homepage/main/public/logo/nixos-hires.png" width="400px" alt="NixOS logo">
</picture>
</a>
</p>
Welcome to Nixpkgs. Please replace the **`Update Request: PACKAGENAME OLDVERSION → NEWVERSION`** template above with the correct package name (As seen in the [NixOS Package Search](https://search.nixos.org/packages)), the current version of the package, and the latest version of the package.
> [!TIP]
> For instance, if you were filing a request against the out of date `hello` package, where the current version in Nixpkgs is 1.0.0, but the latest version upstream is 1.0.1, your title would be as follows:
> `Update Request: hello 1.0.0 → 1.0.1`
---
- type: "dropdown"
id: "version"
attributes:
label: "Nixpkgs version"
description: |
What version of Nixpkgs are you using?
> [!IMPORTANT]
> If you are using an older or stable version, please update to the latest **unstable** version and check if the package is still out of date.
> If the package has been updated in unstable, but you believe the update should be backported to the stable release of Nixpkgs, please file the '**Request: backport to stable**' form instead.
options:
- "Please select a version."
- "- Unstable (25.05)"
- "- Stable (24.11)"
- "- Previous Stable (24.05)"
default: 0
validations:
required: true
- type: "input"
id: "name"
attributes:
label: "Package name"
description: "Please indicate the name of the package."
validations:
required: true
- type: "input"
id: "upstream-version"
attributes:
label: "Upstream version"
description: "Please indicate the latest version of the package."
validations:
required: true
- type: "input"
id: "nixpkgs-version"
attributes:
label: "Nixpkgs version"
description: |
Please indicate the current version number in Nixpkgs' **unstable** channel. You can check this by setting the [NixOS Package Search](https://search.nixos.org/packages?channel=unstable) channel to 'unstable' and searching for the package.
If you meant to request an upgrade in the stable channel, please file the '**Request: backport to stable**' form instead.
validations:
required: true
- type: "input"
id: "changelog"
attributes:
label: "Changelog"
description: "If applicable, please link the upstream changelog for the latest version."
validations:
required: false
- type: "textarea"
id: "additional-context"
attributes:
label: "Additional context"
description: "Add any other context about the update here."
validations:
required: false
- type: "textarea"
id: "maintainers"
attributes:
label: "Notify maintainers"
description: |
Please mention the people who are in the **Maintainers** list of the offending package. This is done by by searching for the package on the [NixOS Package Search](https://search.nixos.org/packages) and mentioning the people listed under **Maintainers** by prefixing their GitHub usernames with an '@' character. Please add the mentions above the `---` characters in the template below.
value: |
---
**Note for maintainers:** Please tag this issue in your pull request description. (i.e. `Resolves #ISSUE`.)
validations:
required: false
- type: "checkboxes"
id: "sanity-check"
attributes:
label: "I assert that this issue is relevant for Nixpkgs"
options:
- label: "I assert that this package update does not yet exist in an [open pull request](https://github.com/NixOS/nixpkgs/pulls?q=is%3Aopen+is%3Apr+label%3A%228.has%3A+package+%28update%29%22) or in [Nixpkgs Unstable](https://search.nixos.org/packages?channel=unstable)."
required: true
- label: "I assert that this is not a [duplicate of any known issue](https://github.com/NixOS/nixpkgs/issues?q=is%3Aopen+is%3Aissue+label%3A%229.needs%3A+package+%28update%29%22)."
required: true
- label: "I assert that I have read the [NixOS Code of Conduct](https://github.com/NixOS/.github/blob/master/CODE_OF_CONDUCT.md) and agree to abide by it."
required: true
- type: "markdown"
attributes:
value: |
# Thank you for helping improve Nixpkgs!
---
- type: "textarea"
id: "prioritisation"
attributes:
label: "Is this issue important to you?"
description: |
**Please do not modify this text area!**
This template helps Nixpkgs developers know which issues should be prioritised by allowing users to vote with a :+1: reaction.
This is not a guarantee that highly-requested issues will be fixed first, but it helps us to figure out what's important to users. Please react on other users' issues if you find them important.
value: |
Add a :+1: [reaction] to [issues you find important].
[reaction]: https://github.blog/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/
[issues you find important]: https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc

0
.github/ISSUE_TEMPLATE/07_module_request.yml → .github/ISSUE_TEMPLATE/06_module_request.yml vendored
View file

121
.github/ISSUE_TEMPLATE/06_update_request.yml vendored
View file

@ -1,121 +0,0 @@
name: "Request: package update"
description: "Create an update request for an existing, but outdated package."
title: "Update Request: PACKAGENAME OLDVERSION → NEWVERSION"
labels: ["0.kind: enhancement", "9.needs: package (update)"]
body:
- type: "markdown"
attributes:
value: |
<p align="center">
<a href="https://nixos.org">
<picture>
<source media="(prefers-color-scheme: light)" srcset="https://raw.githubusercontent.com/NixOS/nixos-homepage/main/public/logo/nixos-hires.png">
<source media="(prefers-color-scheme: dark)" srcset="https://raw.githubusercontent.com/NixOS/nixos-artwork/master/logo/nixos-white.png">
<img src="https://raw.githubusercontent.com/NixOS/nixos-homepage/main/public/logo/nixos-hires.png" width="400px" alt="NixOS logo">
</picture>
</a>
</p>
Welcome to Nixpkgs. Please replace the **`Update Request: PACKAGENAME OLDVERSION → NEWVERSION`** template above with the correct package name (As seen in the [NixOS Package Search](https://search.nixos.org/packages)), the current version of the package, and the latest version of the package.
> [!TIP]
> For instance, if you were filing a request against the out of date `hello` package, where the current version in Nixpkgs is 1.0.0, but the latest version upstream is 1.0.1, your title would be as follows:
> `Update Request: hello 1.0.0 → 1.0.1`
> [!NOTE]
> If you are filing an update request to change a package's source to a fork, please file a new package request instead. Even if the original upstream is outdated, the fork should be considered a new package.
---
- type: "dropdown"
id: "version"
attributes:
label: "Nixpkgs version"
description: |
What version of Nixpkgs are you using?
> [!IMPORTANT]
> If you are using an older or stable version, please update to the latest **unstable** version and check if the package is still out of date.
> If the package has been updated in unstable, but you believe the update should be backported to the stable release of Nixpkgs, please file the '**Request: backport to stable**' form instead.
options:
- "Please select a version."
- "- Unstable (25.05)"
- "- Stable (24.11)"
- "- Previous Stable (24.05)"
default: 0
validations:
required: true
- type: "input"
id: "name"
attributes:
label: "Package name"
description: "Please indicate the name of the package."
validations:
required: true
- type: "input"
id: "upstream-version"
attributes:
label: "Upstream version"
description: "Please indicate the latest version of the package."
validations:
required: true
- type: "input"
id: "nixpkgs-version"
attributes:
label: "Nixpkgs version"
description: |
Please indicate the current version number in Nixpkgs' **unstable** channel. You can check this by setting the [NixOS Package Search](https://search.nixos.org/packages?channel=unstable) channel to 'unstable' and searching for the package.
If you meant to request an upgrade in the stable channel, please file the '**Request: backport to stable**' form instead.
validations:
required: true
- type: "input"
id: "changelog"
attributes:
label: "Changelog"
description: "If applicable, please link the upstream changelog for the latest version."
validations:
required: false
- type: "textarea"
id: "maintainers"
attributes:
label: "Notify maintainers"
description: |
Please mention the people who are in the **Maintainers** list of the offending package. This is done by by searching for the package on the [NixOS Package Search](https://search.nixos.org/packages) and mentioning the people listed under **Maintainers** by prefixing their GitHub usernames with an '@' character. Please add the mentions above the `---` characters in the template below.
value: |
---
**Note for maintainers:** Please tag this issue in your pull request description. (i.e. `Resolves #ISSUE`.)
validations:
required: false
- type: "checkboxes"
id: "sanity-check"
attributes:
label: "I assert that this issue is relevant for Nixpkgs"
options:
- label: "I assert that this package update does not yet exist in an [open pull request](https://github.com/NixOS/nixpkgs/pulls?q=is%3Aopen+is%3Apr+label%3A%228.has%3A+package+%28update%29%22) or in [Nixpkgs Unstable](https://search.nixos.org/packages?channel=unstable)."
required: true
- label: "I assert that this is not a [duplicate of any known issue](https://github.com/NixOS/nixpkgs/issues?q=is%3Aopen+is%3Aissue+label%3A%229.needs%3A+package+%28update%29%22)."
required: true
- label: "I assert that I have read the [NixOS Code of Conduct](https://github.com/NixOS/.github/blob/master/CODE_OF_CONDUCT.md) and agree to abide by it."
required: true
- type: "markdown"
attributes:
value: |
# Thank you for helping improve Nixpkgs!
---
- type: "textarea"
id: "prioritisation"
attributes:
label: "Is this issue important to you?"
description: |
**Please do not modify this text area!**
This template helps Nixpkgs developers know which issues should be prioritised by allowing users to vote with a :+1: reaction.
This is not a guarantee that highly-requested issues will be fixed first, but it helps us to figure out what's important to users. Please react on other users' issues if you find them important.
value: |
Add a :+1: [reaction] to [issues you find important].
[reaction]: https://github.blog/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/
[issues you find important]: https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc

0
.github/ISSUE_TEMPLATE/08_backport_request.yml → .github/ISSUE_TEMPLATE/07_backport_request.yml vendored
View file

0
.github/ISSUE_TEMPLATE/09_documentation_request.yml → .github/ISSUE_TEMPLATE/08_documentation_request.yml vendored
View file

0
.github/ISSUE_TEMPLATE/10_unreproducible_package.yml → .github/ISSUE_TEMPLATE/09_unreproducible_package.yml vendored
View file

3
.github/PULL_REQUEST_TEMPLATE.md vendored
View file

@ -25,8 +25,9 @@ For new packages please briefly describe the package or provide a link to its ho
- made sure NixOS tests are [linked](https://github.com/NixOS/nixpkgs/blob/master/pkgs/README.md#linking-nixos-module-tests-to-a-package) to the relevant packages
- [ ] Tested compilation of all packages that depend on this change using `nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"`. Note: all changes have to be committed, also see [nixpkgs-review usage](https://github.com/Mic92/nixpkgs-review#usage)
- [ ] Tested basic functionality of all binary files (usually in `./result/bin/`)
- [25.05 Release Notes](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2505.section.md) (or backporting [24.11](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2411.section.md) and [25.05](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2505.section.md) Release notes)
- [Nixpkgs 25.11 Release Notes](https://github.com/NixOS/nixpkgs/blob/master/doc/release-notes/rl-2511.section.md) (or backporting [24.11](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/release-notes/rl-2411.section.md) and [25.05](https://github.com/NixOS/nixpkgs/blob/master/doc/manual/release-notes/rl-2505.section.md) Nixpkgs Release notes)
- [ ] (Package updates) Added a release notes entry if the change is major or breaking
- [NixOS 25.11 Release Notes](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2511.section.md) (or backporting [24.11](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2411.section.md) and [25.05](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2505.section.md) NixOS Release notes)
- [ ] (Module updates) Added a release notes entry if the change is significant
- [ ] (Module addition) Added a release notes entry if adding a new NixOS module
- [ ] Fits [CONTRIBUTING.md](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md).

1
.github/dependabot.yml vendored
View file

@ -4,3 +4,4 @@ updates:
directory: "/"
schedule:
interval: "weekly"
labels: [ ]

23
.github/labeler-development-branches.yml vendored Normal file
View file

@ -0,0 +1,23 @@
# This file is used by .github/workflows/labels.yml
# This version is only run for Pull Requests from development branches like staging-next, haskell-updates or python-updates.
"4.workflow: package set update":
- any:
- head-branch:
- '-updates$'
"4.workflow: staging":
- any:
- head-branch:
- '^staging-next$'
- '^staging-next-'
"6.topic: haskell":
- any:
- head-branch:
- '^haskell-updates$'
"6.topic: python":
- any:
- head-branch:
- '^python-updates$'

16
.github/labeler-no-sync.yml vendored
View file

@ -1,12 +1,7 @@
# This file is used by .github/workflows/labels.yml
# This version uses `sync-labels: false`, meaning that a non-match will NOT remove the label
"backport release-24.11":
- any:
- changed-files:
- any-glob-to-any-file:
- .github/workflows/*
- ci/**/*.*
# keep-sorted start case=no numeric=yes newline_separated=yes skip_lines=1
"6.topic: policy discussion":
- any:
@ -26,3 +21,12 @@
- any-glob-to-any-file:
- doc/**/*
- nixos/doc/**/*
"backport release-25.05":
- any:
- changed-files:
- any-glob-to-any-file:
- .github/workflows/*
- ci/**/*.*
# keep-sorted end

70
.github/labeler.yml vendored
View file

@ -1,6 +1,15 @@
# This file is used by .github/workflows/labels.yml
# This version uses `sync-labels: true`, meaning that a non-match will remove the label
# keep-sorted start case=no numeric=yes newline_separated=yes skip_lines=1
"4.workflow: backport":
- any:
- base-branch:
- '^release-'
- '^staging-\d'
- '^staging-next-\d'
# NOTE: bsd, darwin and cross-compilation labels are handled by ofborg
"6.topic: agda":
- any:
@ -30,7 +39,7 @@
- changed-files:
- any-glob-to-any-file:
- .github/**/*
- ci/**/*
- ci/**/*.*
"6.topic: coq":
- any:
@ -40,6 +49,16 @@
- pkgs/development/coq-modules/**/*
- pkgs/top-level/coq-packages.nix
"6.topic: COSMIC":
- any:
- changed-files:
- any-glob-to-any-file:
- nixos/modules/services/desktop-managers/cosmic.nix
- nixos/modules/services/display-managers/cosmic-greeter.nix
- nixos/tests/cosmic.nix
- pkgs/by-name/co/cosmic-*/**/*
- pkgs/by-name/xd/xdg-desktop-portal-cosmic/*
"6.topic: crystal":
- any:
- changed-files:
@ -310,6 +329,16 @@
- any-glob-to-any-file:
- pkgs/os-specific/linux/musl/**/*
"6.topic: nim":
- any:
- changed-files:
- any-glob-to-any-file:
- doc/languages-frameworks/nim.section.md
- pkgs/build-support/build-nim-package.nix
- pkgs/build-support/build-nim-sbom.nix
- pkgs/by-name/ni/nim*
- pkgs/top-level/nim-overrides.nix
"6.topic: nixos":
- any:
- changed-files:
@ -326,16 +355,6 @@
- nixos/modules/virtualisation/nixos-containers.nix
- pkgs/tools/virtualization/nixos-container/**/*
"6.topic: nim":
- any:
- changed-files:
- any-glob-to-any-file:
- doc/languages-frameworks/nim.section.md
- pkgs/build-support/build-nim-package.nix
- pkgs/build-support/build-nim-sbom.nix
- pkgs/by-name/ni/nim*
- pkgs/top-level/nim-overrides.nix
"6.topic: nodejs":
- any:
- changed-files:
@ -482,14 +501,6 @@
- any-glob-to-any-file:
- maintainers/team-list.nix
"6.topic: TeX":
- any:
- changed-files:
- any-glob-to-any-file:
- doc/languages-frameworks/texlive.section.md
- pkgs/test/texlive/**
- pkgs/tools/typesetting/tex/**/*
"6.topic: testing":
- any:
- changed-files:
@ -506,6 +517,14 @@
- nixos/tests/make-test-python.nix # legacy
# lib/debug.nix has a test framework (runTests) but it's not the main focus
"6.topic: TeX":
- any:
- changed-files:
- any-glob-to-any-file:
- doc/languages-frameworks/texlive.section.md
- pkgs/test/texlive/**
- pkgs/tools/typesetting/tex/**/*
"6.topic: updaters":
- any:
- changed-files:
@ -569,13 +588,16 @@
- any-glob-to-any-file:
- nixos/doc/manual/release-notes/**/*
"8.has: module (update)":
- any:
- changed-files:
- any-glob-to-any-file:
- nixos/modules/**/*
"8.has: maintainer-list (update)":
- any:
- changed-files:
- any-glob-to-any-file:
- maintainers/maintainer-list.nix
"8.has: module (update)":
- any:
- changed-files:
- any-glob-to-any-file:
- nixos/modules/**/*
# keep-sorted end

23
.github/workflows/backport.yml vendored
View file

@ -14,16 +14,18 @@ permissions: {}
jobs:
backport:
name: Backport Pull Request
if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name))
runs-on: ubuntu-24.04
if: vars.NIXPKGS_CI_APP_ID && github.event.pull_request.merged == true && (github.event.action != 'labeled' || startsWith(github.event.label.name, 'backport'))
runs-on: ubuntu-24.04-arm
steps:
# Use a GitHub App to create the PR so that CI gets triggered
# The App is scoped to Repository > Contents and Pull Requests: write for Nixpkgs
- uses: actions/create-github-app-token@af35edadc00be37caa72ed9f3e6d5f7801bfdf09 # v1.11.7
- uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
id: app-token
with:
app-id: ${{ vars.NIXPKGS_CI_APP_ID }}
private-key: ${{ secrets.NIXPKGS_CI_APP_PRIVATE_KEY }}
permission-contents: write
permission-pull-requests: write
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
@ -31,6 +33,7 @@ jobs:
token: ${{ steps.app-token.outputs.token }}
- name: Create backport PRs
id: backport
uses: korthout/backport-action@436145e922f9561fc5ea157ff406f21af2d6b363 # v3.2.0
with:
# Config README: https://github.com/korthout/backport-action#backport-action
@ -40,4 +43,16 @@ jobs:
Bot-based backport to `${target_branch}`, triggered by a label in #${pull_number}.
* [ ] Before merging, ensure that this backport is [acceptable for the release](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md#changes-acceptable-for-releases).
* Even as a non-commiter, if you find that it is not acceptable, leave a comment.
* Even as a non-committer, if you find that it is not acceptable, leave a comment.
- name: "Add 'has: port to stable' label"
if: steps.backport.outputs.created_pull_numbers != ''
env:
GH_TOKEN: ${{ steps.app-token.outputs.token }}
REPOSITORY: ${{ github.repository }}
NUMBER: ${{ github.event.number }}
run: |
gh api \
--method POST \
/repos/"$REPOSITORY"/issues/"$NUMBER"/labels \
-f "labels[]=8.has: port to stable"

6
.github/workflows/check-cherry-picks.yml vendored
View file

@ -1,6 +1,9 @@
name: "Check cherry-picks"
on:
pull_request:
paths:
- .github/workflows/check-cherry-picks.yml
pull_request_target:
branches:
- 'release-**'
@ -12,8 +15,7 @@ permissions: {}
jobs:
check:
name: cherry-pick-check
runs-on: ubuntu-24.04
if: github.repository_owner == 'NixOS'
runs-on: ubuntu-24.04-arm
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:

44
.github/workflows/check-format.yml vendored Normal file
View file

@ -0,0 +1,44 @@
name: Check that files are formatted
on:
pull_request:
paths:
- .github/workflows/check-format.yml
pull_request_target:
types: [opened, synchronize, reopened, edited]
permissions: {}
jobs:
get-merge-commit:
uses: ./.github/workflows/get-merge-commit.yml
nixos:
name: fmt-check
runs-on: ubuntu-24.04-arm
needs: get-merge-commit
if: needs.get-merge-commit.outputs.mergedSha
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ needs.get-merge-commit.outputs.mergedSha }}
- uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31
with:
extra_nix_config: sandbox = true
- name: Check that files are formatted
run: |
# Note that it's fine to run this on untrusted code because:
# - There's no secrets accessible here
# - The build is sandboxed
if ! nix-build ci -A fmt.check; then
echo "Some files are not properly formatted"
echo "Please format them by going to the Nixpkgs root directory and running one of:"
echo " nix-shell --run treefmt"
echo " nix develop --command treefmt"
echo " nix fmt"
echo "Make sure your branch is up to date with master; rebase if not."
echo "If you're having trouble, please ping @NixOS/nix-formatting"
exit 1
fi

28
.github/workflows/check-maintainers-sorted.yml vendored
View file

@ -1,28 +0,0 @@
name: "Check that maintainer list is sorted"
on:
pull_request_target:
paths:
- 'maintainers/maintainer-list.nix'
permissions: {}
jobs:
nixos:
name: maintainer-list-check
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: refs/pull/${{ github.event.pull_request.number }}/merge
# Only these directories to perform the check
sparse-checkout: |
lib
maintainers
- uses: cachix/install-nix-action@d1ca217b388ee87b2507a9a93bf01368bde7cec2 # v31
with:
extra_nix_config: sandbox = true
- name: Check that maintainer-list.nix is sorted
run: nix-instantiate --eval maintainers/scripts/check-maintainers-sorted.nix

44
.github/workflows/check-nix-format.yml vendored
View file

@ -1,44 +0,0 @@
# NOTE: Formatting with the RFC-style nixfmt command is not yet stable.
# See https://github.com/NixOS/rfcs/pull/166.
name: Check that Nix files are formatted
on:
pull_request_target:
types: [opened, synchronize, reopened, edited]
permissions: {}
jobs:
get-merge-commit:
uses: ./.github/workflows/get-merge-commit.yml
nixos:
name: nixfmt-check
runs-on: ubuntu-24.04
needs: get-merge-commit
if: needs.get-merge-commit.outputs.mergedSha
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ needs.get-merge-commit.outputs.mergedSha }}
- uses: cachix/install-nix-action@d1ca217b388ee87b2507a9a93bf01368bde7cec2 # v31
with:
extra_nix_config: sandbox = true
- name: Check that Nix files are formatted
run: |
# Note that it's fine to run this on untrusted code because:
# - There's no secrets accessible here
# - The build is sandboxed
if ! nix-build ci -A fmt.check; then
echo "Some Nix files are not properly formatted"
echo "Please format them by going to the Nixpkgs root directory and running one of:"
echo " nix-shell --run treefmt"
echo " nix develop --command treefmt"
echo " nix fmt"
echo "Make sure your branch is up to date with master; rebase if not."
echo "If you're having trouble, please ping @NixOS/nix-formatting"
exit 1
fi

132
.github/workflows/check-nixf-tidy.yml vendored
View file

@ -1,132 +0,0 @@
name: Check changed Nix files with nixf-tidy (experimental)
on:
pull_request_target:
types: [opened, synchronize, reopened, edited]
permissions: {}
jobs:
nixos:
name: exp-nixf-tidy-check
runs-on: ubuntu-24.04
if: "!contains(github.event.pull_request.title, '[skip treewide]')"
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: refs/pull/${{ github.event.pull_request.number }}/merge
# Fetches the merge commit and its parents
fetch-depth: 2
- name: Checking out target branch
run: |
target=$(mktemp -d)
targetRev=$(git rev-parse HEAD^1)
git worktree add "$target" "$targetRev"
echo "targetRev=$targetRev" >> "$GITHUB_ENV"
echo "target=$target" >> "$GITHUB_ENV"
- name: Get Nixpkgs revision for nixf
run: |
# pin to a commit from nixpkgs-unstable to avoid e.g. building nixf
# from staging
# This should not be a URL, because it would allow PRs to run arbitrary code in CI!
rev=$(jq -r .rev ci/pinned-nixpkgs.json)
echo "url=https://github.com/NixOS/nixpkgs/archive/$rev.tar.gz" >> "$GITHUB_ENV"
- uses: cachix/install-nix-action@d1ca217b388ee87b2507a9a93bf01368bde7cec2 # v31
with:
extra_nix_config: sandbox = true
nix_path: nixpkgs=${{ env.url }}
- name: Install nixf and jq
# provided jq is incompatible with our expression
run: "nix-env -f '<nixpkgs>' -iAP nixf jq"
- name: Check that Nix files pass nixf-tidy
run: |
# Filtering error messages we don't like
nixf_wrapper(){
nixf-tidy --variable-lookup < "$1" | jq -r '
[
"sema-escaping-with"
]
as $ignored_errors|[.[]|select(.sname as $s|$ignored_errors|index($s)|not)]
'
}
failedFiles=()
# Don't report errors to file overview
# to avoid duplicates when editing title and description
if [[ "${{ github.event.action }}" == 'edited' ]] && [[ -z "${{ github.event.edited.changes.base }}" ]]; then
DONT_REPORT_ERROR=1
else
DONT_REPORT_ERROR=
fi
# TODO: Make this more parallel
# Loop through all Nix files touched by the PR
while readarray -d '' -n 2 entry && (( ${#entry[@]} != 0 )); do
type=${entry[0]}
file=${entry[1]}
case $type in
A*)
source=""
dest=$file
;;
M*)
source=$file
dest=$file
;;
C*|R*)
source=$file
read -r -d '' dest
;;
*)
echo "Ignoring file $file with type $type"
continue
esac
if [[ -n "$source" ]] && [[ "$(nixf_wrapper ${{ env.target }}/"$source")" != '[]' ]] 2>/dev/null; then
echo "Ignoring file $file because it doesn't pass nixf-tidy in the target commit"
echo # insert blank line
else
nixf_report="$(nixf_wrapper "$dest")"
if [[ "$nixf_report" != '[]' ]]; then
echo "$dest doesn't pass nixf-tidy. Reported by nixf-tidy:"
errors=$(echo "$nixf_report" | jq -r --arg dest "$dest" '
def getLCur: "line=" + (.line+1|tostring) + ",col=" + (.column|tostring);
def getRCur: "endLine=" + (.line+1|tostring) + ",endColumn=" + (.column|tostring);
def getRange: "file=\($dest)," + (.lCur|getLCur) + "," + (.rCur|getRCur);
def getBody: . as $top|(.range|getRange) + ",title="+ .sname + "::" +
(.message|sub("{}" ; ($top.args.[]|tostring)));
def getNote: "\n::notice " + (.|getBody);
def getMessage: "::error " + (.|getBody) + (if (.notes|length)>0 then
([.notes.[]|getNote]|add) else "" end);
.[]|getMessage
')
if [[ -z "$DONT_REPORT_ERROR" ]]; then
echo "$errors"
else
# just print in plain text
echo "${errors/::/}"
echo # add one empty line
fi
failedFiles+=("$dest")
fi
fi
done < <(git diff -z --name-status ${{ env.targetRev }} -- '*.nix')
if [[ -n "$DONT_REPORT_ERROR" ]]; then
echo "Edited the PR but didn't change the base branch, only the description/title."
echo "Not reporting errors again to avoid duplication."
echo # add one empty line
fi
if (( "${#failedFiles[@]}" > 0 )); then
echo "Some new/changed Nix files don't pass nixf-tidy."
echo "See ${{ github.event.pull_request.html_url }}/files for reported errors."
echo "If you believe this is a false positive, ping @Aleksanaa and @inclyc in this PR."
exit 1
fi

11
.github/workflows/check-shell.yml vendored
View file

@ -1,6 +1,9 @@
name: "Check shell"
on:
pull_request:
paths:
- .github/workflows/check-shell.yml
pull_request_target:
paths:
- 'shell.nix'
@ -16,6 +19,10 @@ jobs:
include:
- runner: ubuntu-24.04
system: x86_64-linux
- runner: ubuntu-24.04-arm
system: aarch64-linux
- runner: macos-13
system: x86_64-darwin
- runner: macos-14
system: aarch64-darwin
@ -27,7 +34,7 @@ jobs:
with:
ref: refs/pull/${{ github.event.pull_request.number }}/merge
- uses: cachix/install-nix-action@d1ca217b388ee87b2507a9a93bf01368bde7cec2 # v31
- uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31
- name: Build shell
run: nix-build shell.nix
run: nix-build ci -A shell

24
.github/workflows/codeowners-v2.yml vendored
View file

@ -23,6 +23,9 @@
name: Codeowners v2
on:
pull_request:
paths:
- .github/workflows/codeowners-v2.yml
pull_request_target:
types: [opened, ready_for_review, synchronize, reopened, edited]
@ -41,11 +44,11 @@ jobs:
# Check that code owners is valid
check:
name: Check
runs-on: ubuntu-24.04
runs-on: ubuntu-24.04-arm
needs: get-merge-commit
if: github.repository_owner == 'NixOS' && needs.get-merge-commit.outputs.mergedSha
steps:
- uses: cachix/install-nix-action@d1ca217b388ee87b2507a9a93bf01368bde7cec2 # v31
- uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31
- uses: cachix/cachix-action@0fc020193b5a1fa3ac4575aa3a7d3aa6a35435ad # v16
with:
@ -63,11 +66,14 @@ jobs:
- name: Build codeowners validator
run: nix-build base/ci -A codeownersValidator
- uses: actions/create-github-app-token@af35edadc00be37caa72ed9f3e6d5f7801bfdf09 # v1.11.7
- uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
if: vars.OWNER_RO_APP_ID
id: app-token
with:
app-id: ${{ vars.OWNER_RO_APP_ID }}
private-key: ${{ secrets.OWNER_RO_APP_PRIVATE_KEY }}
permission-administration: read
permission-members: read
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
@ -75,6 +81,7 @@ jobs:
path: pr
- name: Validate codeowners
if: steps.app-token.outputs.token
run: result/bin/codeowners-validator
env:
OWNERS_FILE: pr/${{ env.OWNERS_FILE }}
@ -87,25 +94,30 @@ jobs:
# Request reviews from code owners
request:
name: Request
runs-on: ubuntu-24.04
runs-on: ubuntu-24.04-arm
if: github.repository_owner == 'NixOS'
steps:
- uses: cachix/install-nix-action@d1ca217b388ee87b2507a9a93bf01368bde7cec2 # v31
- uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31
# Important: Because we use pull_request_target, this checks out the base branch of the PR, not the PR head.
# This is intentional, because we need to request the review of owners as declared in the base branch.
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/create-github-app-token@af35edadc00be37caa72ed9f3e6d5f7801bfdf09 # v1.11.7
- uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
if: vars.OWNER_APP_ID
id: app-token
with:
app-id: ${{ vars.OWNER_APP_ID }}
private-key: ${{ secrets.OWNER_APP_PRIVATE_KEY }}
permission-administration: read
permission-members: read
permission-pull-requests: write
- name: Build review request package
run: nix-build ci -A requestReviews
- name: Request reviews
if: steps.app-token.outputs.token
run: result/bin/request-code-owner-reviews.sh ${{ github.repository }} ${{ github.event.number }} "$OWNERS_FILE"
env:
GH_TOKEN: ${{ steps.app-token.outputs.token }}

47
.github/workflows/editorconfig-v2.yml vendored
View file

@ -1,47 +0,0 @@
name: "Checking EditorConfig v2"
on:
pull_request_target:
permissions: {}
jobs:
get-merge-commit:
uses: ./.github/workflows/get-merge-commit.yml
tests:
name: editorconfig-check
runs-on: ubuntu-24.04
needs: get-merge-commit
if: "needs.get-merge-commit.outputs.mergedSha && !contains(github.event.pull_request.title, '[skip treewide]')"
steps:
- name: Get list of changed files from PR
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh api \
repos/${{ github.repository }}/pulls/${{ github.event.number }}/files --paginate \
| jq '.[] | select(.status != "removed") | .filename' \
> "$HOME/changed_files"
- name: print list of changed files
run: |
cat "$HOME/changed_files"
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ needs.get-merge-commit.outputs.mergedSha }}
- uses: cachix/install-nix-action@d1ca217b388ee87b2507a9a93bf01368bde7cec2 # v31
with:
# nixpkgs commit is pinned so that it doesn't break
# editorconfig-checker 2.4.0
nix_path: nixpkgs=https://github.com/NixOS/nixpkgs/archive/c473cc8714710179df205b153f4e9fa007107ff9.tar.gz
- name: Checking EditorConfig
run: |
< "$HOME/changed_files" nix-shell -p editorconfig-checker --run 'xargs -r editorconfig-checker -disable-indent-size'
- if: ${{ failure() }}
run: |
echo "::error :: Hey! It looks like your changes don't follow our editorconfig settings. Read https://editorconfig.org/#download to configure your editor so you never see this error again."

36
.github/workflows/eval-aliases.yml vendored Normal file
View file

@ -0,0 +1,36 @@
name: Eval aliases
on:
pull_request:
paths:
- .github/workflows/eval-aliases.yml
pull_request_target:
permissions: {}
jobs:
get-merge-commit:
uses: ./.github/workflows/get-merge-commit.yml
eval-aliases:
name: Eval nixpkgs with aliases enabled
runs-on: ubuntu-24.04-arm
needs: [ get-merge-commit ]
steps:
- name: Check out the PR at the test merge commit
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ needs.get-merge-commit.outputs.mergedSha }}
path: nixpkgs
- name: Install Nix
uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31
with:
extra_nix_config: sandbox = true
- name: Ensure flake outputs on all systems still evaluate
run: nix flake check --all-systems --no-build ./nixpkgs
- name: Query nixpkgs with aliases enabled to check for basic syntax errors
run: |
time nix-env -I ./nixpkgs -f ./nixpkgs -qa '*' --option restrict-eval true --option allow-import-from-derivation false >/dev/null

31
.github/workflows/eval-lib-tests.yml vendored
View file

@ -1,31 +0,0 @@
name: "Building Nixpkgs lib-tests"
on:
pull_request_target:
paths:
- 'lib/**'
- 'maintainers/**'
permissions: {}
jobs:
get-merge-commit:
uses: ./.github/workflows/get-merge-commit.yml
nixpkgs-lib-tests:
name: nixpkgs-lib-tests
runs-on: ubuntu-24.04
needs: get-merge-commit
if: needs.get-merge-commit.outputs.mergedSha
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ needs.get-merge-commit.outputs.mergedSha }}
- uses: cachix/install-nix-action@d1ca217b388ee87b2507a9a93bf01368bde7cec2 # v31
with:
extra_nix_config: sandbox = true
- name: Building Nixpkgs lib-tests
run: |
nix-build --arg pkgs "(import ./ci/. {}).pkgs" ./lib/tests/release.nix

127
.github/workflows/eval.yml vendored
View file

@ -1,6 +1,9 @@
name: Eval
on:
pull_request:
paths:
- .github/workflows/eval.yml
pull_request_target:
types: [opened, ready_for_review, synchronize, reopened]
push:
@ -19,87 +22,21 @@ jobs:
get-merge-commit:
uses: ./.github/workflows/get-merge-commit.yml
attrs:
name: Attributes
runs-on: ubuntu-24.04
needs: get-merge-commit
if: needs.get-merge-commit.outputs.mergedSha
outputs:
targetSha: ${{ steps.targetSha.outputs.targetSha }}
systems: ${{ steps.systems.outputs.systems }}
steps:
- name: Check out the PR at the test merge commit
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ needs.get-merge-commit.outputs.mergedSha }}
fetch-depth: 2
path: nixpkgs
- name: Determine target commit
if: github.event_name == 'pull_request_target'
id: targetSha
run: |
targetSha=$(git -C nixpkgs rev-parse HEAD^1)
echo "targetSha=$targetSha" >> "$GITHUB_OUTPUT"
- name: Install Nix
uses: cachix/install-nix-action@d1ca217b388ee87b2507a9a93bf01368bde7cec2 # v31
with:
extra_nix_config: sandbox = true
- name: Evaluate the list of all attributes and get the systems matrix
id: systems
run: |
nix-build nixpkgs/ci -A eval.attrpathsSuperset
echo "systems=$(<result/systems.json)" >> "$GITHUB_OUTPUT"
- name: Upload the list of all attributes
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: paths
path: result/*
eval-aliases:
name: Eval nixpkgs with aliases enabled
runs-on: ubuntu-24.04
needs: [ get-merge-commit ]
steps:
- name: Check out the PR at the test merge commit
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ needs.get-merge-commit.outputs.mergedSha }}
path: nixpkgs
- name: Install Nix
uses: cachix/install-nix-action@d1ca217b388ee87b2507a9a93bf01368bde7cec2 # v31
with:
extra_nix_config: sandbox = true
- name: Query nixpkgs with aliases enabled to check for basic syntax errors
run: |
time nix-env -I ./nixpkgs -f ./nixpkgs -qa '*' --option restrict-eval true --option allow-import-from-derivation false >/dev/null
outpaths:
name: Outpaths
runs-on: ubuntu-24.04
needs: [ attrs, get-merge-commit ]
runs-on: ubuntu-24.04-arm
needs: [ get-merge-commit ]
strategy:
fail-fast: false
matrix:
system: ${{ fromJSON(needs.attrs.outputs.systems) }}
system: ${{ fromJSON(needs.get-merge-commit.outputs.systems) }}
steps:
- name: Enable swap
run: |
sudo fallocate -l 10G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
- name: Download the list of all attributes
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: paths
path: paths
sudo fallocate -l 10G /swap
sudo chmod 600 /swap
sudo mkswap /swap
sudo swapon /swap
- name: Check out the PR at the test merge commit
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@ -108,7 +45,7 @@ jobs:
path: nixpkgs
- name: Install Nix
uses: cachix/install-nix-action@d1ca217b388ee87b2507a9a93bf01368bde7cec2 # v31
uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31
with:
extra_nix_config: sandbox = true
@ -118,7 +55,6 @@ jobs:
run: |
nix-build nixpkgs/ci -A eval.singleSystem \
--argstr evalSystem "$MATRIX_SYSTEM" \
--arg attrpathFile ./paths/paths.json \
--arg chunkSize 10000
# If it uses too much memory, slightly decrease chunkSize
@ -130,8 +66,8 @@ jobs:
process:
name: Process
runs-on: ubuntu-24.04
needs: [ outpaths, attrs, get-merge-commit ]
runs-on: ubuntu-24.04-arm
needs: [ outpaths, get-merge-commit ]
outputs:
targetRunId: ${{ steps.targetRunId.outputs.targetRunId }}
steps:
@ -149,7 +85,7 @@ jobs:
path: nixpkgs
- name: Install Nix
uses: cachix/install-nix-action@d1ca217b388ee87b2507a9a93bf01368bde7cec2 # v31
uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31
with:
extra_nix_config: sandbox = true
@ -166,7 +102,7 @@ jobs:
path: prResult/*
- name: Get target run id
if: needs.attrs.outputs.targetSha
if: needs.get-merge-commit.outputs.targetSha
id: targetRunId
run: |
# Get the latest eval.yml workflow run for the PR's target commit
@ -195,7 +131,7 @@ jobs:
echo "targetRunId=$runId" >> "$GITHUB_OUTPUT"
env:
REPOSITORY: ${{ github.repository }}
TARGET_SHA: ${{ needs.attrs.outputs.targetSha }}
TARGET_SHA: ${{ needs.get-merge-commit.outputs.targetSha }}
GH_TOKEN: ${{ github.token }}
- uses: actions/download-artifact@v4
@ -209,18 +145,21 @@ jobs:
- name: Compare against the target branch
if: steps.targetRunId.outputs.targetRunId
run: |
git -C nixpkgs worktree add ../target ${{ needs.attrs.outputs.targetSha }}
git -C nixpkgs diff --name-only ${{ needs.attrs.outputs.targetSha }} \
git -C nixpkgs worktree add ../target ${{ needs.get-merge-commit.outputs.targetSha }}
git -C nixpkgs diff --name-only ${{ needs.get-merge-commit.outputs.targetSha }} \
| jq --raw-input --slurp 'split("\n")[:-1]' > touched-files.json
# Use the target branch to get accurate maintainer info
nix-build target/ci -A eval.compare \
--arg beforeResultDir ./targetResult \
--arg afterResultDir ./prResult \
--arg afterResultDir "$(realpath prResult)" \
--arg touchedFilesJson ./touched-files.json \
--argstr githubAuthorId "$AUTHOR_ID" \
-o comparison
cat comparison/step-summary.md >> "$GITHUB_STEP_SUMMARY"
env:
AUTHOR_ID: ${{ github.event.pull_request.user.id }}
- name: Upload the combined results
if: steps.targetRunId.outputs.targetRunId
@ -232,8 +171,8 @@ jobs:
# Separate job to have a very tightly scoped PR write token
tag:
name: Tag
runs-on: ubuntu-24.04
needs: [ attrs, process ]
runs-on: ubuntu-24.04-arm
needs: [ get-merge-commit, process ]
if: needs.process.outputs.targetRunId
permissions:
pull-requests: write
@ -241,11 +180,15 @@ jobs:
steps:
# See ./codeowners-v2.yml, reuse the same App because we need the same permissions
# Can't use the token received from permissions above, because it can't get enough permissions
- uses: actions/create-github-app-token@af35edadc00be37caa72ed9f3e6d5f7801bfdf09 # v1.11.7
- uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
if: vars.OWNER_APP_ID
id: app-token
with:
app-id: ${{ vars.OWNER_APP_ID }}
private-key: ${{ secrets.OWNER_APP_PRIVATE_KEY }}
permission-administration: read
permission-members: read
permission-pull-requests: write
- name: Download process result
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
@ -254,14 +197,14 @@ jobs:
path: comparison
- name: Install Nix
uses: cachix/install-nix-action@d1ca217b388ee87b2507a9a93bf01368bde7cec2 # v31
uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31
# Important: This workflow job runs with extra permissions,
# so we need to make sure to not run untrusted code from PRs
- name: Check out Nixpkgs at the base commit
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ needs.attrs.outputs.targetSha }}
ref: ${{ needs.get-merge-commit.outputs.targetSha }}
path: base
sparse-checkout: ci
@ -269,11 +212,12 @@ jobs:
run: nix-build base/ci -A requestReviews
- name: Labelling pull request
if: ${{ github.event_name == 'pull_request_target' && github.repository_owner == 'NixOS' }}
run: |
# Get all currently set rebuild labels
# Get all currently set labels that we manage
gh api \
/repos/"$REPOSITORY"/issues/"$NUMBER"/labels \
--jq '.[].name | select(startswith("10.rebuild"))' \
--jq '.[].name | select(startswith("10.rebuild") or . == "11.by: package-maintainer")' \
| sort > before
# And the labels that should be there
@ -303,7 +247,7 @@ jobs:
NUMBER: ${{ github.event.number }}
- name: Add eval summary to commit statuses
if: ${{ github.event_name == 'pull_request_target' }}
if: ${{ github.event_name == 'pull_request_target' && github.repository_owner == 'NixOS' }}
run: |
description=$(jq -r '
"Package: added " + (.attrdiff.added | length | tostring) +
@ -323,6 +267,7 @@ jobs:
NUMBER: ${{ github.event.number }}
- name: Requesting maintainer reviews
if: ${{ steps.app-token.outputs.token && github.repository_owner == 'NixOS' }}
run: |
# maintainers.json contains GitHub IDs. Look up handles to request reviews from.
# There appears to be no API to request reviews based on GitHub IDs

27
.github/workflows/get-merge-commit.yml vendored
View file

@ -1,19 +1,30 @@
name: Get merge commit
on:
pull_request:
paths:
- .github/workflows/get-merge-commit.yml
workflow_call:
outputs:
mergedSha:
description: "The merge commit SHA"
value: ${{ jobs.resolve-merge-commit.outputs.mergedSha }}
targetSha:
description: "The target commit SHA"
value: ${{ jobs.resolve-merge-commit.outputs.targetSha }}
systems:
description: "The supported systems"
value: ${{ jobs.resolve-merge-commit.outputs.systems }}
permissions: {}
jobs:
resolve-merge-commit:
runs-on: ubuntu-24.04
runs-on: ubuntu-24.04-arm
outputs:
mergedSha: ${{ steps.merged.outputs.mergedSha }}
targetSha: ${{ steps.merged.outputs.targetSha }}
systems: ${{ steps.systems.outputs.systems }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
@ -30,14 +41,18 @@ jobs:
push)
echo "mergedSha=${{ github.sha }}" >> "$GITHUB_OUTPUT"
;;
pull_request_target)
if mergedSha=$(base/ci/get-merge-commit.sh ${{ github.repository }} ${{ github.event.number }}); then
echo "Checking the merge commit $mergedSha"
echo "mergedSha=$mergedSha" >> "$GITHUB_OUTPUT"
pull_request*)
if commits=$(base/ci/get-merge-commit.sh ${{ github.repository }} ${{ github.event.number }}); then
echo -e "Checking the commits:\n$commits"
echo "$commits" >> "$GITHUB_OUTPUT"
else
# Skipping so that no notifications are sent
echo "Skipping the rest..."
fi
;;
esac
rm -rf base
- name: Load supported systems
id: systems
run: |
echo "systems=$(jq -c <base/ci/supportedSystems.json)" >> "$GITHUB_OUTPUT"

40
.github/workflows/keep-sorted.yml vendored
View file

@ -1,40 +0,0 @@
name: Check that files are sorted
on:
pull_request_target:
types: [opened, synchronize, reopened]
permissions: {}
jobs:
get-merge-commit:
uses: ./.github/workflows/get-merge-commit.yml
nixos:
name: keep-sorted
runs-on: ubuntu-24.04
needs: get-merge-commit
if: "needs.get-merge-commit.outputs.mergedSha && !contains(github.event.pull_request.title, '[skip treewide]')"
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ needs.get-merge-commit.outputs.mergedSha }}
- name: Get Nixpkgs revision for keep-sorted
run: |
# Pin to a commit from nixpkgs-unstable to avoid e.g. building nixfmt from staging.
# This should not be a URL, because it would allow PRs to run arbitrary code in CI!
rev=$(jq -r .rev ci/pinned-nixpkgs.json)
echo "url=https://github.com/NixOS/nixpkgs/archive/$rev.tar.gz" >> "$GITHUB_ENV"
- uses: cachix/install-nix-action@d1ca217b388ee87b2507a9a93bf01368bde7cec2 # v31
with:
extra_nix_config: sandbox = true
nix_path: nixpkgs=${{ env.url }}
- name: Install keep-sorted
run: "nix-env -f '<nixpkgs>' -iAP keep-sorted jq"
- name: Check that Nix files are sorted
run: |
git ls-files | xargs keep-sorted --mode lint | jq --raw-output '.[] | "Please make sure any new entries in \(.path) are sorted alphabetically."'

31
.github/workflows/labels.yml vendored
View file

@ -16,16 +16,45 @@ permissions:
jobs:
labels:
name: label-pr
runs-on: ubuntu-24.04
runs-on: ubuntu-24.04-arm
if: "github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')"
steps:
- uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
if: |
github.event.pull_request.head.repo.owner.login != 'NixOS' || !(
github.head_ref == 'haskell-updates' ||
github.head_ref == 'python-updates' ||
github.head_ref == 'staging-next' ||
startsWith(github.head_ref, 'staging-next-')
)
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
configuration-path: .github/labeler.yml # default
sync-labels: true
- uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
if: |
github.event.pull_request.head.repo.owner.login != 'NixOS' || !(
github.head_ref == 'haskell-updates' ||
github.head_ref == 'python-updates' ||
github.head_ref == 'staging-next' ||
startsWith(github.head_ref, 'staging-next-')
)
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
configuration-path: .github/labeler-no-sync.yml
sync-labels: false
- uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
# Development branches like staging-next, haskell-updates and python-updates get special labels.
# This is to avoid the mass of labels there, which is mostly useless - and really annoying for
# the backport labels.
if: |
github.event.pull_request.head.repo.owner.login == 'NixOS' && (
github.head_ref == 'haskell-updates' ||
github.head_ref == 'python-updates' ||
github.head_ref == 'staging-next' ||
startsWith(github.head_ref, 'staging-next-')
)
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
configuration-path: .github/labeler-development-branches.yml
sync-labels: true

34
.github/workflows/lib-tests.yml vendored Normal file
View file

@ -0,0 +1,34 @@
name: "Building Nixpkgs lib-tests"
on:
pull_request:
paths:
- .github/workflows/lib-tests.yml
pull_request_target:
paths:
- 'lib/**'
- 'maintainers/**'
permissions: {}
jobs:
get-merge-commit:
uses: ./.github/workflows/get-merge-commit.yml
nixpkgs-lib-tests:
name: nixpkgs-lib-tests
runs-on: ubuntu-24.04
needs: get-merge-commit
if: needs.get-merge-commit.outputs.mergedSha
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ needs.get-merge-commit.outputs.mergedSha }}
- uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31
with:
extra_nix_config: sandbox = true
- name: Building Nixpkgs lib-tests
run: |
nix-build ci -A lib-tests

7
.github/workflows/lint-actions.sh vendored
View file

@ -1,7 +0,0 @@
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p bash actionlint shellcheck -I nixpkgs=../..
set -euo pipefail
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
cd "$SCRIPT_DIR/../.."
actionlint

20
.github/workflows/manual-nixos-v2.yml vendored
View file

@ -1,6 +1,9 @@
name: "Build NixOS manual v2"
on:
pull_request:
paths:
- .github/workflows/manual-nixos-v2.yml
pull_request_target:
branches:
- master
@ -22,23 +25,22 @@ jobs:
strategy:
fail-fast: false
matrix:
system:
- x86_64-linux
- aarch64-linux
runs-on: >-
${{ (matrix.system == 'x86_64-linux' && 'ubuntu-24.04')
|| (matrix.system == 'aarch64-linux' && 'ubuntu-24.04-arm') }}
include:
- runner: ubuntu-24.04
system: x86_64-linux
- runner: ubuntu-24.04-arm
system: aarch64-linux
runs-on: ${{ matrix.runner }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: refs/pull/${{ github.event.pull_request.number }}/merge
- uses: cachix/install-nix-action@d1ca217b388ee87b2507a9a93bf01368bde7cec2 # v31
- uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31
with:
extra_nix_config: sandbox = true
- uses: cachix/cachix-action@0fc020193b5a1fa3ac4575aa3a7d3aa6a35435ad # v16
if: github.repository_owner == 'NixOS'
with:
# This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.
name: nixpkgs-ci
@ -46,7 +48,7 @@ jobs:
- name: Build NixOS manual
id: build-manual
run: NIX_PATH=nixpkgs=$(pwd) nix-build --option restrict-eval true nixos/release.nix -A manual.${{ matrix.system }}
run: NIX_PATH=nixpkgs=$(pwd) nix-build --option restrict-eval true ci -A manual-nixos --argstr system ${{ matrix.system }}
- name: Upload NixOS manual
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2

12
.github/workflows/manual-nixpkgs-v2.yml vendored
View file

@ -1,35 +1,37 @@
name: "Build Nixpkgs manual v2"
on:
pull_request:
paths:
- .github/workflows/manual-nixpkgs-v2.yml
pull_request_target:
branches:
- master
paths:
- 'doc/**'
- 'lib/**'
- 'pkgs/tools/nix/nixdoc/**'
- 'pkgs/by-name/ni/nixdoc/**'
permissions: {}
jobs:
nixpkgs:
name: nixpkgs-manual-build
runs-on: ubuntu-24.04
runs-on: ubuntu-24.04-arm
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: refs/pull/${{ github.event.pull_request.number }}/merge
- uses: cachix/install-nix-action@d1ca217b388ee87b2507a9a93bf01368bde7cec2 # v31
- uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31
with:
extra_nix_config: sandbox = true
- uses: cachix/cachix-action@0fc020193b5a1fa3ac4575aa3a7d3aa6a35435ad # v16
if: github.repository_owner == 'NixOS'
with:
# This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.
name: nixpkgs-ci
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- name: Building Nixpkgs manual
run: NIX_PATH=nixpkgs=$(pwd) nix-build --option restrict-eval true pkgs/top-level/release.nix -A manual -A manual.tests
run: NIX_PATH=nixpkgs=$(pwd) nix-build --option restrict-eval true ci -A manual-nixpkgs -A manual-nixpkgs-tests

30
.github/workflows/nix-parse-v2.yml vendored
View file

@ -1,6 +1,9 @@
name: "Check whether nix files are parseable v2"
on:
pull_request:
paths:
- .github/workflows/nix-parse-v2.yml
pull_request_target:
permissions: {}
@ -11,37 +14,20 @@ jobs:
tests:
name: nix-files-parseable-check
runs-on: ubuntu-24.04
runs-on: ubuntu-24.04-arm
needs: get-merge-commit
if: "needs.get-merge-commit.outputs.mergedSha && !contains(github.event.pull_request.title, '[skip treewide]')"
steps:
- name: Get list of changed files from PR
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh api \
repos/${{ github.repository }}/pulls/${{github.event.number}}/files --paginate \
| jq --raw-output '.[] | select(.status != "removed" and (.filename | endswith(".nix"))) | .filename' \
> "$HOME/changed_files"
if [[ -s "$HOME/changed_files" ]]; then
echo "CHANGED_FILES=$HOME/changed_files" > "$GITHUB_ENV"
fi
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ needs.get-merge-commit.outputs.mergedSha }}
if: ${{ env.CHANGED_FILES && env.CHANGED_FILES != '' }}
- uses: cachix/install-nix-action@d1ca217b388ee87b2507a9a93bf01368bde7cec2 # v31
- uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31
with:
extra_nix_config: sandbox = true
nix_path: nixpkgs=channel:nixpkgs-unstable
- name: Parse all changed or added nix files
- name: Parse all nix files
run: |
ret=0
while IFS= read -r file; do
out="$(nix-instantiate --parse "$file")" || { echo "$out" && ret=1; }
done < "$HOME/changed_files"
exit "$ret"
if: ${{ env.CHANGED_FILES && env.CHANGED_FILES != '' }}
# Tests multiple versions at once, let's make sure all of them run, so keep-going.
nix-build ci -A parse --keep-going

5
.github/workflows/nixpkgs-vet.yml vendored
View file

@ -6,6 +6,9 @@
name: Vet nixpkgs
on:
pull_request:
paths:
- .github/workflows/nixpkgs-vet.yml
pull_request_target:
# This workflow depends on the base branch of the PR, but changing the base branch is not included in the default trigger events, which would be `opened`, `synchronize` or `reopened`.
# Instead it causes an `edited` event, so we need to add it explicitly here.
@ -43,7 +46,7 @@ jobs:
git worktree add "$target" "$(git rev-parse HEAD^1)"
echo "target=$target" >> "$GITHUB_ENV"
- uses: cachix/install-nix-action@d1ca217b388ee87b2507a9a93bf01368bde7cec2 # v31
- uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31
- name: Fetching the pinned tool
# Update the pinned version using ci/nixpkgs-vet/update-pinned-tool.sh

13
.github/workflows/no-channel.yml vendored
View file

@ -1,19 +1,22 @@
name: "No channel PR"
on:
pull_request:
paths:
- .github/workflows/no-channel.yml
pull_request_target:
# Re-run should be triggered when the base branch is updated, instead of silently failing
types: [opened, synchronize, reopened, edited]
branches:
- 'nixos-**'
- 'nixpkgs-**'
permissions: {}
jobs:
fail:
name: "This PR is is targeting a channel branch"
runs-on: ubuntu-24.04
if: |
startsWith(github.event.pull_request.base.ref, 'nixos-') ||
startsWith(github.event.pull_request.base.ref, 'nixpkgs-')
name: "This PR is targeting a channel branch"
runs-on: ubuntu-24.04-arm
steps:
- run: |
cat <<EOF

8
.github/workflows/periodic-merge-24h.yml vendored
View file

@ -31,10 +31,16 @@ jobs:
into: staging-next-24.11
- from: staging-next-24.11
into: staging-24.11
- from: master staging
- from: release-25.05
into: staging-next-25.05
- from: staging-next-25.05
into: staging-25.05
- name: merge-base(master,staging) → haskell-updates
from: master staging
into: haskell-updates
uses: ./.github/workflows/periodic-merge.yml
with:
from: ${{ matrix.pairs.from }}
into: ${{ matrix.pairs.into }}
name: ${{ matrix.pairs.name || format('{0} → {1}', matrix.pairs.from, matrix.pairs.into) }}
secrets: inherit

1
.github/workflows/periodic-merge-6h.yml vendored
View file

@ -35,4 +35,5 @@ jobs:
with:
from: ${{ matrix.pairs.from }}
into: ${{ matrix.pairs.into }}
name: ${{ format('{0} → {1}', matrix.pairs.from, matrix.pairs.into) }}
secrets: inherit

7
.github/workflows/periodic-merge.yml vendored
View file

@ -14,16 +14,17 @@ on:
jobs:
merge:
runs-on: ubuntu-24.04
name: ${{ inputs.from }} → ${{ inputs.into }}
runs-on: ubuntu-24.04-arm
steps:
# Use a GitHub App to create the PR so that CI gets triggered
# The App is scoped to Repository > Contents and Pull Requests: write for Nixpkgs
- uses: actions/create-github-app-token@af35edadc00be37caa72ed9f3e6d5f7801bfdf09 # v1.11.7
- uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
id: app-token
with:
app-id: ${{ vars.NIXPKGS_CI_APP_ID }}
private-key: ${{ secrets.NIXPKGS_CI_APP_PRIVATE_KEY }}
permission-contents: write
permission-pull-requests: write
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

4
CONTRIBUTING.md
View file

@ -345,7 +345,7 @@ See [Nix Channel Status](https://status.nixos.org/) for the current channels and
Here's a brief overview of the main Git branches and what channels they're used for:
- `master`: The main branch, used for the unstable channels such as `nixpkgs-unstable`, `nixos-unstable` and `nixos-unstable-small`.
- `release-YY.MM` (e.g. `release-25.05`): The NixOS release branches, used for the stable channels such as `nixos-25.05`, `nixos-25.05-small` and `nixpkgs-25.05-darwin`.
- `release-YY.MM` (e.g. `release-25.11`): The NixOS release branches, used for the stable channels such as `nixos-25.11`, `nixos-25.11-small` and `nixpkgs-25.11-darwin`.
When a channel is updated, a corresponding Git branch is also updated to point to the corresponding commit.
So e.g. the [`nixpkgs-unstable` branch](https://github.com/nixos/nixpkgs/tree/nixpkgs-unstable) corresponds to the Git commit from the [`nixpkgs-unstable` channel](https://channels.nixos.org/nixpkgs-unstable).
@ -533,7 +533,7 @@ Names of files and directories should be in lowercase, with dashes between words
### Formatting
CI [enforces](./.github/workflows/check-nix-format.yml) all Nix files to be
CI [enforces](./.github/workflows/check-format.yml) all Nix files to be
formatted using the [official Nix formatter](https://github.com/NixOS/nixfmt).
You can ensure this locally using either of these commands:

6
README.md
View file

@ -1,9 +1,9 @@
<p align="center">
<a href="https://nixos.org">
<picture>
<source media="(prefers-color-scheme: light)" srcset="https://raw.githubusercontent.com/NixOS/nixos-homepage/main/public/logo/nixos-hires.png">
<source media="(prefers-color-scheme: light)" srcset="https://nixos.org/logo/nixos-hires.png">
<source media="(prefers-color-scheme: dark)" srcset="https://raw.githubusercontent.com/NixOS/nixos-artwork/master/logo/nixos-white.png">
<img src="https://raw.githubusercontent.com/NixOS/nixos-homepage/main/public/logo/nixos-hires.png" width="500px" alt="NixOS logo">
<img src="https://nixos.org/logo/nixos-hires.png" width="500px" alt="NixOS logo">
</picture>
</a>
</p>
@ -14,7 +14,7 @@
</p>
[Nixpkgs](https://github.com/nixos/nixpkgs) is a collection of over
100,000 software packages that can be installed with the
120,000 software packages that can be installed with the
[Nix](https://nixos.org/nix/) package manager. It also implements
[NixOS](https://nixos.org/nixos/), a purely-functional Linux distribution.

48
ci/OWNERS
View file

@ -16,7 +16,7 @@
# CI
/.github/*_TEMPLATE* @SigmaSquadron
/.github/workflows @NixOS/Security @Mic92 @zowoq @infinisil @azuwis @wolfgangwalther
/.github/workflows/check-nix-format.yml @infinisil @wolfgangwalther
/.github/workflows/check-format.yml @infinisil @wolfgangwalther
/.github/workflows/codeowners-v2.yml @infinisil @wolfgangwalther
/.github/workflows/nixpkgs-vet.yml @infinisil @philiptaron @wolfgangwalther
/ci @infinisil @philiptaron @NixOS/Security @wolfgangwalther
@ -171,14 +171,19 @@ nixos/modules/installer/tools/nix-fallback-paths.nix @NixOS/nix-team @raitobeza
/pkgs/top-level/python-packages.nix @natsukium
/pkgs/top-level/release-python.nix @natsukium
# CUDA
/pkgs/top-level/cuda-packages.nix @NixOS/cuda-maintainers
/pkgs/top-level/release-cuda.nix @NixOS/cuda-maintainers
/pkgs/development/cuda-modules @NixOS/cuda-maintainers
# Haskell
/doc/languages-frameworks/haskell.section.md @sternenseemann @maralorn
/maintainers/scripts/haskell @sternenseemann @maralorn
/pkgs/development/compilers/ghc @sternenseemann @maralorn
/pkgs/development/haskell-modules @sternenseemann @maralorn
/pkgs/test/haskell @sternenseemann @maralorn
/pkgs/top-level/release-haskell.nix @sternenseemann @maralorn
/pkgs/top-level/haskell-packages.nix @sternenseemann @maralorn
/doc/languages-frameworks/haskell.section.md @sternenseemann @maralorn @wolfgangwalther
/maintainers/scripts/haskell @sternenseemann @maralorn @wolfgangwalther
/pkgs/development/compilers/ghc @sternenseemann @maralorn @wolfgangwalther
/pkgs/development/haskell-modules @sternenseemann @maralorn @wolfgangwalther
/pkgs/test/haskell @sternenseemann @maralorn @wolfgangwalther
/pkgs/top-level/release-haskell.nix @sternenseemann @maralorn @wolfgangwalther
/pkgs/top-level/haskell-packages.nix @sternenseemann @maralorn @wolfgangwalther
# Perl
/pkgs/development/interpreters/perl @stigtsp @zakame @marcusramberg
@ -206,6 +211,7 @@ nixos/modules/installer/tools/nix-fallback-paths.nix @NixOS/nix-team @raitobeza
/pkgs/development/compilers/gcc
/pkgs/development/compilers/llvm @alyssais @RossComputerGuy @NixOS/llvm
/pkgs/development/compilers/emscripten @raitobezarius
/doc/toolchains/llvm.chapter.md @alyssais @RossComputerGuy @NixOS/llvm
/doc/languages-frameworks/emscripten.section.md @raitobezarius
# Audio
@ -251,6 +257,7 @@ pkgs/development/python-modules/buildcatrust/ @ajs124 @lukegb @mweinelt
/maintainers/scripts/kde @K900 @NickCao @SuperSandro2000 @ttuegel
# PostgreSQL and related stuff
/pkgs/by-name/po/postgresqlTestHook @NixOS/postgres
/pkgs/by-name/ps/psqlodbc @NixOS/postgres
/pkgs/servers/sql/postgresql @NixOS/postgres
/pkgs/development/tools/rust/cargo-pgrx @NixOS/postgres
@ -299,9 +306,12 @@ pkgs/development/python-modules/buildcatrust/ @ajs124 @lukegb @mweinelt
/pkgs/servers/http/nginx/ @raitobezarius
/nixos/modules/services/web-servers/nginx/ @raitobezarius
# D
/pkgs/build-support/dlang @jtbx @TomaSajt
# Dhall
/pkgs/development/dhall-modules @Gabriella439 @Profpatsch @ehmry
/pkgs/development/interpreters/dhall @Gabriella439 @Profpatsch @ehmry
/pkgs/development/dhall-modules @Gabriella439 @Profpatsch
/pkgs/development/interpreters/dhall @Gabriella439 @Profpatsch
# Idris
/pkgs/development/idris-modules @Infinisil
@ -326,6 +336,9 @@ pkgs/development/python-modules/buildcatrust/ @ajs124 @lukegb @mweinelt
# Kakoune
/pkgs/applications/editors/kakoune @philiptaron
# LuaPackages
/pkgs/development/lua-modules @NixOS/lua
# Neovim
/pkgs/applications/editors/neovim @NixOS/neovim
@ -372,12 +385,6 @@ pkgs/development/python-modules/buildcatrust/ @ajs124 @lukegb @mweinelt
# Xfce
/doc/hooks/xfce4-dev-tools.section.md @NixOS/xfce
# nim
/doc/languages-frameworks/nim.section.md @ehmry
/pkgs/build-support/build-nim-package.nix @ehmry
/pkgs/build-support/build-nim-sbom.nix @ehmry
/pkgs/top-level/nim-overrides.nix @ehmry
# terraform providers
/pkgs/applications/networking/cluster/terraform-providers @zowoq
@ -460,3 +467,12 @@ pkgs/development/beam-modules/ @NixOS/beam
pkgs/development/interpreters/erlang/ @NixOS/beam
pkgs/development/interpreters/elixir/ @NixOS/beam
pkgs/development/interpreters/lfe/ @NixOS/beam
# OctoDNS
pkgs/by-name/oc/octodns/ @anthonyroussel
# Teleport
pkgs/by-name/te/teleport* @arianvp @justinas @sigma @tomberek @freezeboy @techknowlogick @JuliusFreudenberger
# Warp-terminal
pkgs/by-name/wa/warp-terminal/ @emilytrau @imadnyc @donteatoreo @johnrtitor

4
ci/README.md
View file

@ -44,14 +44,14 @@ Why not just build the tooling right from the PRs Nixpkgs version?
## `get-merge-commit.sh GITHUB_REPO PR_NUMBER`
Check whether a PR is mergeable and return the test merge commit as
[computed by GitHub](https://docs.github.com/en/rest/guides/using-the-rest-api-to-interact-with-your-git-database?apiVersion=2022-11-28#checking-mergeability-of-pull-requests).
[computed by GitHub](https://docs.github.com/en/rest/guides/using-the-rest-api-to-interact-with-your-git-database?apiVersion=2022-11-28#checking-mergeability-of-pull-requests) and its parent.
Arguments:
- `GITHUB_REPO`: The repository of the PR, e.g. `NixOS/nixpkgs`
- `PR_NUMBER`: The PR number, e.g. `1234`
Exit codes:
- 0: The PR can be merged, the test merge commit hash is returned on stdout
- 0: The PR can be merged, the hashes of the test merge commit and the target commit are returned on stdout
- 1: The PR cannot be merged because it's not open anymore
- 2: The PR cannot be merged because it has a merge conflict
- 3: The merge commit isn't being computed, GitHub is likely having internal issues, unknown if the PR is mergeable

28
ci/default.nix
View file

@ -44,18 +44,26 @@ let
# By default it's info, which is too noisy since we have many unmatched files
settings.on-unmatched = "debug";
programs.actionlint.enable = true;
programs.keep-sorted.enable = true;
# This uses nixfmt-rfc-style underneath,
# the default formatter for Nix code.
# See https://github.com/NixOS/nixfmt
programs.nixfmt.enable = true;
settings.formatter.editorconfig-checker = {
command = "${pkgs.lib.getExe pkgs.editorconfig-checker}";
options = [ "-disable-indent-size" ];
includes = [ "*" ];
priority = 1;
};
};
fs = pkgs.lib.fileset;
nixFilesSrc = fs.toSource {
root = ../.;
fileset = fs.difference (fs.unions [
(fs.fileFilter (file: file.hasExt "nix") ../.)
../.git-blame-ignore-revs
]) (fs.maybeMissing ../.git);
fileset = fs.difference ../. (fs.maybeMissing ../.git);
};
in
{
@ -70,4 +78,16 @@ in
requestReviews = pkgs.callPackage ./request-reviews { };
codeownersValidator = pkgs.callPackage ./codeowners-validator { };
eval = pkgs.callPackage ./eval { };
# CI jobs
lib-tests = import ../lib/tests/release.nix { inherit pkgs; };
manual-nixos = (import ../nixos/release.nix { }).manual.${system} or null;
manual-nixpkgs = (import ../pkgs/top-level/release.nix { }).manual;
manual-nixpkgs-tests = (import ../pkgs/top-level/release.nix { }).manual.tests;
parse = pkgs.lib.recurseIntoAttrs {
latest = pkgs.callPackage ./parse.nix { nix = pkgs.nixVersions.latest; };
lix = pkgs.callPackage ./parse.nix { nix = pkgs.lix; };
minimum = pkgs.callPackage ./parse.nix { nix = pkgs.nixVersions.minimum; };
};
shell = import ../shell.nix { inherit nixpkgs system; };
}

2
ci/eval/README.md
View file

@ -11,7 +11,7 @@ nix-build ci -A eval.full \
--arg evalSystems '["x86_64-linux" "aarch64-darwin"]'
```
- `--max-jobs`: The maximum number of derivations to run at the same time. Only each [supported system](../supportedSystems.nix) gets a separate derivation, so it doesn't make sense to set this higher than that number.
- `--max-jobs`: The maximum number of derivations to run at the same time. Only each [supported system](../supportedSystems.json) gets a separate derivation, so it doesn't make sense to set this higher than that number.
- `--cores`: The number of cores to use for each job. Recommended to set this to the amount of cores on your system divided by `--max-jobs`.
- `chunkSize`: The number of attributes that are evaluated simultaneously on a single core. Lowering this decreases memory usage at the cost of increased evaluation time. If this is too high, there won't be enough chunks to process them in parallel, and will also increase evaluation time.
- `evalSystems`: The set of systems for which `nixpkgs` should be evaluated. Defaults to the four official platforms (`x86_64-linux`, `aarch64-linux`, `x86_64-darwin` and `aarch64-darwin`).

154
ci/eval/compare/cmp-stats.py Normal file
View file

@ -0,0 +1,154 @@
import json
import os
from scipy.stats import ttest_rel
import pandas as pd
import numpy as np
from pathlib import Path
# Define metrics of interest (can be expanded as needed)
METRIC_PREFIXES = ("nr", "gc")
def flatten_data(json_data: dict) -> dict:
"""
Extracts and flattens metrics from JSON data.
This is needed because the JSON data can be nested.
For example, the JSON data entry might look like this:
"gc":{"cycles":13,"heapSize":5404549120,"totalBytes":9545876464}
Flattened:
"gc.cycles": 13
"gc.heapSize": 5404549120
...
Args:
json_data (dict): JSON data containing metrics.
Returns:
dict: Flattened metrics with keys as metric names.
"""
flat_metrics = {}
for k, v in json_data.items():
if isinstance(v, (int, float)):
flat_metrics[k] = v
elif isinstance(v, dict):
for sub_k, sub_v in v.items():
flat_metrics[f"{k}.{sub_k}"] = sub_v
return flat_metrics
def load_all_metrics(directory: Path) -> dict:
"""
Loads all stats JSON files in the specified directory and extracts metrics.
Args:
directory (Path): Directory containing JSON files.
Returns:
dict: Dictionary with filenames as keys and extracted metrics as values.
"""
metrics = {}
for system_dir in directory.iterdir():
assert system_dir.is_dir()
for chunk_output in system_dir.iterdir():
with chunk_output.open() as f:
data = json.load(f)
metrics[f"{system_dir.name}/${chunk_output.name}"] = flatten_data(data)
return metrics
def dataframe_to_markdown(df: pd.DataFrame) -> str:
df = df.sort_values(by=df.columns[0], ascending=True)
markdown_lines = []
# Header (get column names and format them)
header = '\n| ' + ' | '.join(df.columns) + ' |'
markdown_lines.append(header)
markdown_lines.append("| - " * (len(df.columns)) + "|") # Separator line
# Iterate over rows to build Markdown rows
for _, row in df.iterrows():
# TODO: define threshold for highlighting
highlight = False
fmt = lambda x: f"**{x}**" if highlight else f"{x}"
# Check for no change and NaN in p_value/t_stat
row_values = []
for val in row:
if isinstance(val, float) and np.isnan(val): # For NaN values in p-value or t-stat
row_values.append("-") # Custom symbol for NaN
elif isinstance(val, float) and val == 0: # For no change (mean_diff == 0)
row_values.append("-") # Custom symbol for no change
else:
row_values.append(fmt(f"{val:.4f}" if isinstance(val, float) else str(val)))
markdown_lines.append('| ' + ' | '.join(row_values) + ' |')
return '\n'.join(markdown_lines)
def perform_pairwise_tests(before_metrics: dict, after_metrics: dict) -> pd.DataFrame:
common_files = sorted(set(before_metrics) & set(after_metrics))
all_keys = sorted({ metric_keys for file_metrics in before_metrics.values() for metric_keys in file_metrics.keys() })
results = []
for key in all_keys:
before_vals, after_vals = [], []
for fname in common_files:
if key in before_metrics[fname] and key in after_metrics[fname]:
before_vals.append(before_metrics[fname][key])
after_vals.append(after_metrics[fname][key])
if len(before_vals) >= 2:
before_arr = np.array(before_vals)
after_arr = np.array(after_vals)
diff = after_arr - before_arr
pct_change = 100 * diff / before_arr
t_stat, p_val = ttest_rel(after_arr, before_arr)
results.append({
"metric": key,
"mean_before": np.mean(before_arr),
"mean_after": np.mean(after_arr),
"mean_diff": np.mean(diff),
"mean_%_change": np.mean(pct_change),
"p_value": p_val,
"t_stat": t_stat
})
df = pd.DataFrame(results).sort_values("p_value")
return df
if __name__ == "__main__":
before_dir = os.environ.get("BEFORE_DIR")
after_dir = os.environ.get("AFTER_DIR")
if not before_dir or not after_dir:
print("Error: Environment variables 'BEFORE_DIR' and 'AFTER_DIR' must be set.")
exit(1)
before_stats = Path(before_dir) / "stats"
after_stats = Path(after_dir) / "stats"
# This may happen if the pull request target does not include PR#399720 yet.
if not before_stats.exists():
print("⚠️ Skipping comparison: stats directory is missing in the target commit.")
exit(0)
# This should never happen, but we're exiting gracefully anyways
if not after_stats.exists():
print("⚠️ Skipping comparison: stats directory missing in current PR evaluation.")
exit(0)
before_metrics = load_all_metrics(before_stats)
after_metrics = load_all_metrics(after_stats)
df1 = perform_pairwise_tests(before_metrics, after_metrics)
markdown_table = dataframe_to_markdown(df1)
print(markdown_table)

63
ci/eval/compare/default.nix
View file

@ -3,12 +3,15 @@
jq,
runCommand,
writeText,
python3,
...
}:
{
beforeResultDir,
afterResultDir,
touchedFilesJson,
githubAuthorId,
byName ? false,
}:
let
/*
@ -112,29 +115,79 @@ let
# Adds "10.rebuild-*-stdenv" label if the "stdenv" attribute was changed
++ lib.mapAttrsToList (kernel: _: "10.rebuild-${kernel}-stdenv") (
lib.filterAttrs (_: kernelRebuilds: kernelRebuilds ? "stdenv") rebuildsByKernel
);
)
# Adds the "11.by: package-maintainer" label if all of the packages directly
# changed are maintained by the PR's author. (https://github.com/NixOS/ofborg/blob/df400f44502d4a4a80fa283d33f2e55a4e43ee90/ofborg/src/tagger.rs#L83-L88)
++ lib.optional (
maintainers ? ${githubAuthorId}
&& lib.all (lib.flip lib.elem maintainers.${githubAuthorId}) (
lib.flatten (lib.attrValues maintainers)
)
) "11.by: package-maintainer";
}
);
maintainers = import ./maintainers.nix {
changedattrs = lib.attrNames (lib.groupBy (a: a.name) rebuildsPackagePlatformAttrs);
changedpathsjson = touchedFilesJson;
inherit byName;
};
in
runCommand "compare"
{
nativeBuildInputs = [ jq ];
nativeBuildInputs = [
jq
(python3.withPackages (
ps: with ps; [
numpy
pandas
scipy
]
))
];
maintainers = builtins.toJSON maintainers;
passAsFile = [ "maintainers" ];
env = {
BEFORE_DIR = "${beforeResultDir}";
AFTER_DIR = "${afterResultDir}";
};
}
''
mkdir $out
cp ${changed-paths} $out/changed-paths.json
jq -r -f ${./generate-step-summary.jq} < ${changed-paths} > $out/step-summary.md
if jq -e '(.attrdiff.added | length == 0) and (.attrdiff.removed | length == 0)' "${changed-paths}" > /dev/null; then
# Chunks have changed between revisions
# We cannot generate a performance comparison
{
echo
echo "# Performance comparison"
echo
echo "This compares the performance of this branch against its pull request base branch (e.g., 'master')"
echo
echo "For further help please refer to: [ci/README.md](https://github.com/NixOS/nixpkgs/blob/master/ci/README.md)"
echo
} >> $out/step-summary.md
python3 ${./cmp-stats.py} >> $out/step-summary.md
else
# Package chunks are the same in both revisions
# We can use the to generate a performance comparison
{
echo
echo "# Performance Comparison"
echo
echo "Performance stats were skipped because the package sets differ between the two revisions."
echo
echo "For further help please refer to: [ci/README.md](https://github.com/NixOS/nixpkgs/blob/master/ci/README.md)"
} >> $out/step-summary.md
fi
jq -r -f ${./generate-step-summary.jq} < ${changed-paths} >> $out/step-summary.md
cp "$maintainersPath" "$out/maintainers.json"
# TODO: Compare eval stats
''

23
ci/eval/compare/maintainers.nix
View file

@ -1,5 +1,9 @@
# Almost directly vendored from https://github.com/NixOS/ofborg/blob/5a4e743f192fb151915fcbe8789922fa401ecf48/ofborg/src/maintainers.nix
{ changedattrs, changedpathsjson }:
{
changedattrs,
changedpathsjson,
byName ? false,
}:
let
pkgs = import ../../.. {
system = "x86_64-linux";
@ -41,7 +45,16 @@ let
) validPackageAttributes;
attrsWithMaintainers = builtins.map (
pkg: pkg // { maintainers = (pkg.package.meta or { }).maintainers or [ ]; }
pkg:
let
meta = pkg.package.meta or { };
in
pkg
// {
# TODO: Refactor this so we can ping entire teams instead of the individual members.
# Note that this will require keeping track of GH team IDs in "maintainers/teams.nix".
maintainers = meta.maintainers or [ ];
}
) attrsWithPackages;
relevantFilenames =
@ -49,7 +62,8 @@ let
(lib.lists.unique (
builtins.map (pos: lib.strings.removePrefix (toString ../..) pos.file) (
builtins.filter (x: x != null) [
(builtins.unsafeGetAttrPos "maintainers" (drv.meta or { }))
((drv.meta or { }).maintainersPosition or null)
((drv.meta or { }).teamsPosition or null)
(builtins.unsafeGetAttrPos "src" drv)
# broken because name is always set by stdenv:
# # A hack to make `nix-env -qa` and `nix search` ignore broken packages.
@ -83,12 +97,13 @@ let
pkg:
builtins.map (maintainer: {
id = maintainer.githubId;
inherit (maintainer) github;
packageName = pkg.name;
dueToFiles = pkg.filenames;
}) pkg.maintainers
) attrsWithModifiedFiles;
byMaintainer = lib.groupBy (ping: toString ping.id) listToPing;
byMaintainer = lib.groupBy (ping: toString ping.${if byName then "github" else "id"}) listToPing;
packagesPerMaintainer = lib.attrsets.mapAttrs (
maintainer: packages: builtins.map (pkg: pkg.packageName) packages

26
ci/eval/default.nix
View file

@ -9,6 +9,7 @@
nixVersions,
jq,
sta,
python3,
}:
let
@ -25,16 +26,19 @@ let
"nixos"
"pkgs"
".version"
"ci/supportedSystems.nix"
"ci/supportedSystems.json"
]
);
};
nix = nixVersions.nix_2_24;
nix = nixVersions.latest;
supportedSystems = import ../supportedSystems.nix;
supportedSystems = builtins.fromJSON (builtins.readFile ../supportedSystems.json);
attrpathsSuperset =
{
evalSystem,
}:
runCommand "attrpaths-superset.json"
{
src = nixpkgs;
@ -42,8 +46,6 @@ let
nix
time
];
env.supportedSystems = builtins.toJSON supportedSystems;
passAsFile = [ "supportedSystems" ];
}
''
export NIX_STATE_DIR=$(mktemp -d)
@ -56,8 +58,8 @@ let
-I "$src" \
--option restrict-eval true \
--option allow-import-from-derivation false \
--option eval-system "${evalSystem}" \
--arg enableWarnings false > $out/paths.json
mv "$supportedSystemsPath" $out/systems.json
'';
singleSystem =
@ -67,7 +69,7 @@ let
# because `--argstr system` would only be passed to the ci/default.nix file!
evalSystem,
# The path to the `paths.json` file from `attrpathsSuperset`
attrpathFile,
attrpathFile ? "${attrpathsSuperset { inherit evalSystem; }}/paths.json",
# The number of attributes per chunk, see ./README.md for more info.
chunkSize,
checkMeta ? true,
@ -179,6 +181,8 @@ let
xargs -I{} -P"$cores" \
${singleChunk} "$chunkSize" {} "$evalSystem" "$chunkOutputDir"
cp -r "$chunkOutputDir"/stats $out/stats-by-chunk
if (( chunkSize * chunkCount != attrCount )); then
# A final incomplete chunk would mess up the stats, don't include it
rm "$chunkOutputDir"/stats/"$seq_end"
@ -253,6 +257,12 @@ let
done
} |
jq -s from_entries > $out/stats.json
mkdir -p $out/stats
for d in ${resultsDir}/*; do
cp -r "$d"/stats-by-chunk $out/stats/$(basename "$d")
done
'';
compare = import ./compare {
@ -262,6 +272,7 @@ let
runCommand
writeText
supportedSystems
python3
;
};
@ -279,7 +290,6 @@ let
name = evalSystem;
path = singleSystem {
inherit quickTest evalSystem chunkSize;
attrpathFile = attrpathsSuperset + "/paths.json";
};
}) evalSystems
);

5
ci/get-merge-commit.sh
View file

@ -55,7 +55,10 @@ done
if [[ "$mergeable" == "true" ]]; then
log "The PR can be merged"
jq -r .merge_commit_sha <<< "$prInfo"
mergedSha="$(jq -r .merge_commit_sha <<< "$prInfo")"
echo "mergedSha=$mergedSha"
targetSha="$(gh api "/repos/$repo/commits/$mergedSha" --jq '.parents[0].sha')"
echo "targetSha=$targetSha"
else
log "The PR has a merge conflict"
exit 2

43
ci/parse.nix Normal file
View file

@ -0,0 +1,43 @@
{
lib,
nix,
runCommand,
}:
let
nixpkgs =
with lib.fileset;
toSource {
root = ../.;
fileset = (fileFilter (file: file.hasExt "nix") ../.);
};
in
runCommand "nix-parse-${nix.name}"
{
nativeBuildInputs = [
nix
];
}
''
export NIX_STORE_DIR=$TMPDIR/store
export NIX_STATE_DIR=$TMPDIR/state
cd "${nixpkgs}"
# Passes all files to nix-instantiate at once.
# Much faster, but will only show first error.
parse-all() {
find . -type f -iname '*.nix' | xargs -P $(nproc) nix-instantiate --parse >/dev/null 2>/dev/null
}
# Passes each file separately to nix-instantiate with -n1.
# Much slower, but will show all errors.
parse-each() {
find . -type f -iname '*.nix' | xargs -n1 -P $(nproc) nix-instantiate --parse >/dev/null
}
if ! parse-all; then
parse-each
fi
touch $out
''

4
ci/pinned-nixpkgs.json
View file

@ -1,4 +1,4 @@
{
"rev": "573c650e8a14b2faa0041645ab18aed7e60f0c9a",
"sha256": "0qg99zj0gb0pc6sjlkmwhk1c1xz14qxmk6gamgfmcxpsfdp5vn72"
"rev": "eaeed9530c76ce5f1d2d8232e08bec5e26f18ec1",
"sha256": "132nimgi1g88fbhddk4b8b1qk68jly494x2mnphyk3xa1d2wy9q7"
}

6
ci/supportedSystems.json Normal file
View file

@ -0,0 +1,6 @@
[
"aarch64-linux",
"aarch64-darwin",
"x86_64-linux",
"x86_64-darwin"
]

6
ci/supportedSystems.nix
View file

@ -1,6 +0,0 @@
[
"aarch64-linux"
"aarch64-darwin"
"x86_64-linux"
"x86_64-darwin"
]

22
doc/README.md
View file

@ -34,7 +34,27 @@ $ nix-build doc
If the build succeeds, the manual will be in `./result/share/doc/nixpkgs/manual.html`.
### devmode
### Development environment
In order to reduce repetition, consider using tools from the provided development environment:
Load it from the Nixpkgs documentation directory with
```ShellSession
$ cd /path/to/nixpkgs/doc
$ nix-shell
```
To load the development utilities automatically when entering that directory, [set up `nix-direnv`](https://nix.dev/guides/recipes/direnv).
Make sure that your local files aren't added to Git history by adding the following lines to `.git/info/exclude` at the root of the Nixpkgs repository:
```
/**/.envrc
/**/.direnv
```
#### `devmode`
The shell in the manual source directory makes available a command, `devmode`.
It is a daemon, that:

29
doc/build-helpers/dev-shell-tools.chapter.md
View file

@ -20,12 +20,12 @@ Converts Nix values to strings in the way the [`derivation` built-in function](h
```nix
devShellTools.valueToString (builtins.toFile "foo" "bar")
=> "/nix/store/...-foo"
# => "/nix/store/...-foo"
```
```nix
devShellTools.valueToString false
=> ""
# => ""
```
:::
@ -42,16 +42,22 @@ This function does not support `__structuredAttrs`, but does support `passAsFile
devShellTools.unstructuredDerivationInputEnv {
drvAttrs = {
name = "foo";
buildInputs = [ hello figlet ];
buildInputs = [
hello
figlet
];
builder = bash;
args = [ "-c" "${./builder.sh}" ];
args = [
"-c"
"${./builder.sh}"
];
};
}
=> {
name = "foo";
buildInputs = "/nix/store/...-hello /nix/store/...-figlet";
builder = "/nix/store/...-bash";
}
# => {
# name = "foo";
# buildInputs = "/nix/store/...-hello /nix/store/...-figlet";
# builder = "/nix/store/...-bash";
#}
```
Note that `args` is not included, because Nix does not added it to the builder process environment.
@ -69,7 +75,10 @@ Takes the relevant parts of a derivation and returns a set of environment variab
let
pkg = hello;
in
devShellTools.derivationOutputEnv { outputList = pkg.outputs; outputMap = pkg; }
devShellTools.derivationOutputEnv {
outputList = pkg.outputs;
outputMap = pkg;
}
```
:::

24
doc/build-helpers/fetchers.chapter.md
View file

@ -491,7 +491,11 @@ It might be useful to manipulate the content downloaded by `fetchurl` directly i
In this example, we'll adapt [](#ex-fetchers-fetchurl-nixpkgs-version) to append the result of running the `hello` package to the contents we download, purely to illustrate how to manipulate the content.
```nix
{ fetchurl, hello, lib }:
{
fetchurl,
hello,
lib,
}:
fetchurl {
url = "https://raw.githubusercontent.com/NixOS/nixpkgs/23.11/.version";
@ -714,9 +718,10 @@ A wrapper around `fetchpatch`, which takes:
Here is an example of `fetchDebianPatch` in action:
```nix
{ lib
, fetchDebianPatch
, buildPythonPackage
{
lib,
fetchDebianPatch,
buildPythonPackage,
}:
buildPythonPackage rec {
@ -768,9 +773,14 @@ Additionally, the following optional arguments can be given:
: Whether to fetch LFS objects.
*`preFetch`* (String)
: Shell code to be executed before the repository has been fetched, to allow
changing the environment the fetcher runs in.
*`postFetch`* (String)
: Shell code executed after the file has been fetched successfully.
: Shell code executed after the repository has been fetched successfully.
This can do things like check or transform the file.
*`leaveDotGit`* (Boolean)
@ -914,7 +924,9 @@ It produces packages that cannot be built automatically.
{ fetchtorrent }:
fetchtorrent {
config = { peer-limit-global = 100; };
config = {
peer-limit-global = 100;
};
url = "magnet:?xt=urn:btih:dd8255ecdc7ca55fb0bbf81323d87062db1f6d1c";
hash = "";
}

11
doc/build-helpers/images/appimagetools.section.md
View file

@ -33,7 +33,7 @@ let
version = "0.6.30";
src = fetchurl {
url = "https://github.com/nukeop/nuclear/releases/download/v${version}/${pname}-v${version}.AppImage";
url = "https://github.com/nukeop/nuclear/releases/download/v${version}/nuclear-v${version}.AppImage";
hash = "sha256-he1uGC1M/nFcKpMM9JKY4oeexJcnzV0ZRxhTjtJz6xw=";
};
in
@ -66,7 +66,8 @@ let
url = "https://github.com/irccloud/irccloud-desktop/releases/download/v${version}/IRCCloud-${version}-linux-x86_64.AppImage";
hash = "sha256-/hMPvYdnVB1XjKgU2v47HnVvW4+uC3rhRjbucqin4iI=";
};
in appimageTools.wrapType2 {
in
appimageTools.wrapType2 {
inherit pname version src;
extraPkgs = pkgs: [ pkgs.at-spi2-core ];
}
@ -106,7 +107,8 @@ let
appimageContents = appimageTools.extract {
inherit pname version src;
};
in appimageTools.wrapType2 {
in
appimageTools.wrapType2 {
inherit pname version src;
extraPkgs = pkgs: [ pkgs.at-spi2-core ];
@ -150,7 +152,8 @@ let
substituteInPlace $out/irccloud.desktop --replace-fail 'Exec=AppRun' 'Exec=${pname}'
'';
};
in appimageTools.wrapType2 {
in
appimageTools.wrapType2 {
inherit pname version src;
extraPkgs = pkgs: [ pkgs.at-spi2-core ];

2
doc/build-helpers/images/binarycache.section.md
View file

@ -35,7 +35,7 @@ The following derivation will construct a flat-file binary cache containing the
```nix
{ mkBinaryCache, hello }:
mkBinaryCache {
rootPaths = [hello];
rootPaths = [ hello ];
}
```

42
doc/build-helpers/images/dockertools.section.md
View file

@ -235,7 +235,11 @@ The following package builds a Docker image that runs the `redis-server` executa
The Docker image will have name `redis` and tag `latest`.
```nix
{ dockerTools, buildEnv, redis }:
{
dockerTools,
buildEnv,
redis,
}:
dockerTools.buildImage {
name = "redis";
tag = "latest";
@ -253,7 +257,9 @@ dockerTools.buildImage {
config = {
Cmd = [ "/bin/redis-server" ];
WorkingDir = "/data";
Volumes = { "/data" = { }; };
Volumes = {
"/data" = { };
};
};
}
```
@ -286,7 +292,11 @@ It uses `runAsRoot` to create a directory and a file inside the image.
This works the same as [](#ex-dockerTools-buildImage-extraCommands), but uses `runAsRoot` instead of `extraCommands`.
```nix
{ dockerTools, buildEnv, hello }:
{
dockerTools,
buildEnv,
hello,
}:
dockerTools.buildImage {
name = "hello";
tag = "latest";
@ -320,7 +330,11 @@ This works the same as [](#ex-dockerTools-buildImage-runAsRoot), but uses `extra
Note that with `extraCommands`, we can't directly reference `/` and must create files and directories as if we were already on `/`.
```nix
{ dockerTools, buildEnv, hello }:
{
dockerTools,
buildEnv,
hello,
}:
dockerTools.buildImage {
name = "hello";
tag = "latest";
@ -350,7 +364,11 @@ dockerTools.buildImage {
Note that using a value of `"now"` in the `created` attribute will break reproducibility.
```nix
{ dockerTools, buildEnv, hello }:
{
dockerTools,
buildEnv,
hello,
}:
dockerTools.buildImage {
name = "hello";
tag = "latest";
@ -766,7 +784,11 @@ The closure of `config` is automatically included in the generated image.
The following package shows a more compact way to create the same output generated in [](#ex-dockerTools-streamLayeredImage-hello).
```nix
{ dockerTools, hello, lib }:
{
dockerTools,
hello,
lib,
}:
dockerTools.streamLayeredImage {
name = "hello";
tag = "latest";
@ -1547,11 +1569,15 @@ The Docker image generated will have a name like `hello-<version>-env` and tag `
This example uses [](#ex-dockerTools-streamNixShellImage-hello) as a starting point.
```nix
{ dockerTools, cowsay, hello }:
{
dockerTools,
cowsay,
hello,
}:
dockerTools.streamNixShellImage {
tag = "latest";
drv = hello.overrideAttrs (old: {
nativeBuildInputs = old.nativeBuildInputs or [] ++ [
nativeBuildInputs = old.nativeBuildInputs or [ ] ++ [
cowsay
];
});

67
doc/build-helpers/images/makediskimage.section.md
View file

@ -52,23 +52,23 @@ A `deterministic` flag is available for best efforts determinism.
To produce a Nix-store only image:
```nix
let
pkgs = import <nixpkgs> {};
pkgs = import <nixpkgs> { };
lib = pkgs.lib;
make-disk-image = import <nixpkgs/nixos/lib/make-disk-image.nix>;
in
make-disk-image {
inherit pkgs lib;
config = {};
additionalPaths = [ ];
format = "qcow2";
onlyNixStore = true;
partitionTableType = "none";
installBootLoader = false;
touchEFIVars = false;
diskSize = "auto";
additionalSpace = "0M"; # Defaults to 512M.
copyChannel = false;
}
make-disk-image {
inherit pkgs lib;
config = { };
additionalPaths = [ ];
format = "qcow2";
onlyNixStore = true;
partitionTableType = "none";
installBootLoader = false;
touchEFIVars = false;
diskSize = "auto";
additionalSpace = "0M"; # Defaults to 512M.
copyChannel = false;
}
```
Some arguments can be left out, they are shown explicitly for the sake of the example.
@ -78,29 +78,36 @@ Building this derivation will provide a QCOW2 disk image containing only the Nix
To produce a NixOS installation image disk with UEFI and bootloader installed:
```nix
let
pkgs = import <nixpkgs> {};
pkgs = import <nixpkgs> { };
lib = pkgs.lib;
make-disk-image = import <nixpkgs/nixos/lib/make-disk-image.nix>;
evalConfig = import <nixpkgs/nixos/lib/eval-config.nix>;
in
make-disk-image {
inherit pkgs lib;
inherit (evalConfig {
make-disk-image {
inherit pkgs lib;
inherit
(evalConfig {
modules = [
{
fileSystems."/" = { device = "/dev/vda"; fsType = "ext4"; autoFormat = true; };
fileSystems."/" = {
device = "/dev/vda";
fsType = "ext4";
autoFormat = true;
};
boot.grub.device = "/dev/vda";
}
];
}) config;
format = "qcow2";
onlyNixStore = false;
partitionTableType = "legacy+gpt";
installBootLoader = true;
touchEFIVars = true;
diskSize = "auto";
additionalSpace = "0M"; # Defaults to 512M.
copyChannel = false;
memSize = 2048; # Qemu VM memory size in megabytes. Defaults to 1024M.
}
})
config
;
format = "qcow2";
onlyNixStore = false;
partitionTableType = "legacy+gpt";
installBootLoader = true;
touchEFIVars = true;
diskSize = "auto";
additionalSpace = "0M"; # Defaults to 512M.
copyChannel = false;
memSize = 2048; # Qemu VM memory size in megabytes. Defaults to 1024M.
}
```

6
doc/build-helpers/images/ocitools.section.md
View file

@ -76,7 +76,11 @@ Note that no user namespace is created, which means that you won't be able to ru
This example uses `ociTools.buildContainer` to create a simple container that runs `bash`.
```nix
{ ociTools, lib, bash }:
{
ociTools,
lib,
bash,
}:
ociTools.buildContainer {
args = [
(lib.getExe bash)

20
doc/build-helpers/images/portableservice.section.md
View file

@ -91,7 +91,12 @@ See [](#ex-portableService-hello) to understand how to use the output of `portab
The following example builds a Portable Service image with the `hello` package, along with a service unit that runs it.
```nix
{ lib, writeText, portableService, hello }:
{
lib,
writeText,
portableService,
hello,
}:
let
hello-service = writeText "hello.service" ''
[Unit]
@ -151,7 +156,13 @@ To make things available globally, you must specify the `symlinks` attribute whe
The following package builds on the package from [](#ex-portableService-hello) to make `/etc/ssl` available globally (this is only for illustrative purposes, because `hello` doesn't use `/etc/ssl`).
```nix
{ lib, writeText, portableService, hello, cacert }:
{
lib,
writeText,
portableService,
hello,
cacert,
}:
let
hello-service = writeText "hello.service" ''
[Unit]
@ -167,7 +178,10 @@ portableService {
inherit (hello) version;
units = [ hello-service ];
symlinks = [
{ object = "${cacert}/etc/ssl"; symlink = "/etc/ssl"; }
{
object = "${cacert}/etc/ssl";
symlink = "/etc/ssl";
}
];
}
```

7
doc/build-helpers/special/checkpoint-build.section.md
View file

@ -26,7 +26,9 @@ To change a normal derivation to a checkpoint based build, these steps must be t
## Example {#sec-checkpoint-build-example}
```nix
{ pkgs ? import <nixpkgs> {} }:
{
pkgs ? import <nixpkgs> { },
}:
let
inherit (pkgs.checkpointBuildTools)
prepareCheckpointBuild
@ -39,5 +41,6 @@ let
sed -i 's/Hello, world!/Hello, Nix!/g' src/hello.c
'';
});
in mkCheckpointBuild changedHello helloCheckpoint
in
mkCheckpointBuild changedHello helloCheckpoint
```

15
doc/build-helpers/special/fakenss.section.md
View file

@ -48,12 +48,19 @@ It is useful with functions in `dockerTools` to allow building Docker images tha
This example includes the `hello` binary in the image so it can do something besides just have the extra files.
```nix
{ dockerTools, fakeNss, hello }:
{
dockerTools,
fakeNss,
hello,
}:
dockerTools.buildImage {
name = "image-with-passwd";
tag = "latest";
copyToRoot = [ fakeNss hello ];
copyToRoot = [
fakeNss
hello
];
config = {
Cmd = [ "/bin/hello" ];
@ -70,8 +77,8 @@ The following code uses `override` to add extra lines to `/etc/passwd` and `/etc
```nix
{ fakeNss }:
fakeNss.override {
extraPasswdLines = ["newuser:x:9001:9001:new user:/var/empty:/bin/sh"];
extraGroupLines = ["newuser:x:9001:"];
extraPasswdLines = [ "newuser:x:9001:9001:new user:/var/empty:/bin/sh" ];
extraGroupLines = [ "newuser:x:9001:" ];
}
```
:::

33
doc/build-helpers/special/fhs-environments.section.md
View file

@ -36,22 +36,29 @@ Accepted arguments are:
You can create a simple environment using a `shell.nix` like this:
```nix
{ pkgs ? import <nixpkgs> {} }:
{
pkgs ? import <nixpkgs> { },
}:
(pkgs.buildFHSEnv {
name = "simple-x11-env";
targetPkgs = pkgs: (with pkgs; [
udev
alsa-lib
]) ++ (with pkgs.xorg; [
libX11
libXcursor
libXrandr
]);
multiPkgs = pkgs: (with pkgs; [
udev
alsa-lib
]);
targetPkgs =
pkgs:
(with pkgs; [
udev
alsa-lib
])
++ (with pkgs.xorg; [
libX11
libXcursor
libXrandr
]);
multiPkgs =
pkgs:
(with pkgs; [
udev
alsa-lib
]);
runScript = "bash";
}).env
```

4
doc/build-helpers/special/makesetuphook.section.md
View file

@ -9,7 +9,7 @@ pkgs.makeSetupHook {
name = "something-hook";
propagatedBuildInputs = [ pkgs.commandsomething ];
depsTargetTargetPropagated = [ pkgs.libsomething ];
} ./script.sh;
} ./script.sh
```
### setup hook that depends on the hello package and runs hello and @shell@ is substituted with path to bash {#sec-pkgs.makeSetupHook-usage-example}
@ -42,7 +42,7 @@ pkgs.makeSetupHook
}
preConfigureHooks+=(_printHelloHook)
''
);
)
```
## Attributes {#sec-pkgs.makeSetupHook-attributes}

9
doc/build-helpers/special/mkshell.section.md
View file

@ -8,11 +8,16 @@ repetition when using it with `nix-shell` (or `nix develop`).
Here is a common usage example:
```nix
{ pkgs ? import <nixpkgs> {} }:
{
pkgs ? import <nixpkgs> { },
}:
pkgs.mkShell {
packages = [ pkgs.gnumake ];
inputsFrom = [ pkgs.hello pkgs.gnutar ];
inputsFrom = [
pkgs.hello
pkgs.gnutar
];
shellHook = ''
export DEBUG=1

49
doc/build-helpers/special/vm-tools.section.md
View file

@ -31,25 +31,34 @@ If the build fails and Nix is run with the `-K/--keep-failed` option, a script `
Build the derivation hello inside a VM:
```nix
{ pkgs }: with pkgs; with vmTools;
runInLinuxVM hello
{ pkgs }: with pkgs; with vmTools; runInLinuxVM hello
```
Build inside a VM with extra memory:
```nix
{ pkgs }: with pkgs; with vmTools;
runInLinuxVM (hello.overrideAttrs (_: { memSize = 1024; }))
{ pkgs }:
with pkgs;
with vmTools;
runInLinuxVM (
hello.overrideAttrs (_: {
memSize = 1024;
})
)
```
Use VM with a disk image (implicitly sets `diskImage`, see [`vmTools.createEmptyImage`](#vm-tools-createEmptyImage)):
```nix
{ pkgs }: with pkgs; with vmTools;
runInLinuxVM (hello.overrideAttrs (_: {
preVM = createEmptyImage {
size = 1024;
fullName = "vm-image";
};
}))
{ pkgs }:
with pkgs;
with vmTools;
runInLinuxVM (
hello.overrideAttrs (_: {
preVM = createEmptyImage {
size = 1024;
fullName = "vm-image";
};
})
)
```
## `vmTools.extractFs` {#vm-tools-extractFs}
@ -66,8 +75,7 @@ Takes a file, such as an ISO, and extracts its contents into the store.
Extract the contents of an ISO file:
```nix
{ pkgs }: with pkgs; with vmTools;
extractFs { file = ./image.iso; }
{ pkgs }: with pkgs; with vmTools; extractFs { file = ./image.iso; }
```
## `vmTools.extractMTDfs` {#vm-tools-extractMTDfs}
@ -86,14 +94,12 @@ Generate a script that can be used to run an interactive session in the given im
Create a script for running a Fedora 27 VM:
```nix
{ pkgs }: with pkgs; with vmTools;
makeImageTestScript diskImages.fedora27x86_64
{ pkgs }: with pkgs; with vmTools; makeImageTestScript diskImages.fedora27x86_64
```
Create a script for running an Ubuntu 20.04 VM:
```nix
{ pkgs }: with pkgs; with vmTools;
makeImageTestScript diskImages.ubuntu2004x86_64
{ pkgs }: with pkgs; with vmTools; makeImageTestScript diskImages.ubuntu2004x86_64
```
## `vmTools.diskImageFuns` {#vm-tools-diskImageFuns}
@ -137,8 +143,13 @@ A set of functions that build a predefined set of minimal Linux distributions im
8GiB image containing Firefox in addition to the default packages:
```nix
{ pkgs }: with pkgs; with vmTools;
diskImageFuns.ubuntu2004x86_64 { extraPackages = [ "firefox" ]; size = 8192; }
{ pkgs }:
with pkgs;
with vmTools;
diskImageFuns.ubuntu2004x86_64 {
extraPackages = [ "firefox" ];
size = 8192;
}
```
## `vmTools.diskImageExtraFuns` {#vm-tools-diskImageExtraFuns}

104
doc/build-helpers/testers.chapter.md
View file

@ -98,7 +98,8 @@ It has two modes:
```nix
{
"https://nix\\.dev/manual/nix/[a-z0-9.-]*" = "${nix.doc}/share/doc/nix/manual";
"https://nixos\\.org/manual/nix/(un)?stable" = "${emptyDirectory}/placeholder-to-disallow-old-nix-docs-urls";
"https://nixos\\.org/manual/nix/(un)?stable" =
"${emptyDirectory}/placeholder-to-disallow-old-nix-docs-urls";
}
```
@ -302,18 +303,22 @@ While `testBuildFailure` is designed to keep changes to the original builder's e
# Check that a build fails, and verify the changes made during build
```nix
runCommand "example" {
failed = testers.testBuildFailure (runCommand "fail" {} ''
echo ok-ish >$out
echo failing though
exit 3
'');
} ''
grep -F 'ok-ish' $failed/result
grep -F 'failing though' $failed/testBuildFailure.log
[[ 3 = $(cat $failed/testBuildFailure.exit) ]]
touch $out
''
runCommand "example"
{
failed = testers.testBuildFailure (
runCommand "fail" { } ''
echo ok-ish >$out
echo failing though
exit 3
''
);
}
''
grep -F 'ok-ish' $failed/result
grep -F 'failing though' $failed/testBuildFailure.log
[[ 3 = $(cat $failed/testBuildFailure.exit) ]]
touch $out
''
```
:::
@ -396,15 +401,18 @@ testers.testEqualContents {
expected = writeText "expected" ''
foo baz baz
'';
actual = runCommand "actual" {
# not really necessary for a package that's in stdenv
nativeBuildInputs = [ gnused ];
base = writeText "base" ''
foo bar baz
'';
} ''
sed -e 's/bar/baz/g' $base >$out
'';
actual =
runCommand "actual"
{
# not really necessary for a package that's in stdenv
nativeBuildInputs = [ gnused ];
base = writeText "base" ''
foo bar baz
'';
}
''
sed -e 's/bar/baz/g' $base >$out
'';
}
```
@ -515,10 +523,11 @@ Otherwise, the build log explains the difference via `nix-diff`.
# Check that two packages produce the same derivation
```nix
testers.testEqualDerivation
"The hello package must stay the same when enabling checks."
hello
(hello.overrideAttrs(o: { doCheck = true; }))
testers.testEqualDerivation "The hello package must stay the same when enabling checks." hello (
hello.overrideAttrs (o: {
doCheck = true;
})
)
```
:::
@ -586,7 +595,10 @@ testers.runCommand {
curl -o /dev/null https://example.com
touch $out
'';
nativeBuildInputs = with pkgs; [ cacert curl ];
nativeBuildInputs = with pkgs; [
cacert
curl
];
}
```
@ -603,15 +615,20 @@ If your test is part of the Nixpkgs repository, or if you need a more general en
# Run a NixOS test using `runNixOSTest`
```nix
pkgs.testers.runNixOSTest ({ lib, ... }: {
name = "hello";
nodes.machine = { pkgs, ... }: {
environment.systemPackages = [ pkgs.hello ];
};
testScript = ''
machine.succeed("hello")
'';
})
pkgs.testers.runNixOSTest (
{ lib, ... }:
{
name = "hello";
nodes.machine =
{ pkgs, ... }:
{
environment.systemPackages = [ pkgs.hello ];
};
testScript = ''
machine.succeed("hello")
'';
}
)
```
:::
@ -634,10 +651,17 @@ A [NixOS VM test network](https://nixos.org/nixos/manual/index.html#sec-nixos-te
{
name = "my-test";
nodes = {
machine1 = { lib, pkgs, nodes, ... }: {
environment.systemPackages = [ pkgs.hello ];
services.foo.enable = true;
};
machine1 =
{
lib,
pkgs,
nodes,
...
}:
{
environment.systemPackages = [ pkgs.hello ];
services.foo.enable = true;
};
# machine2 = ...;
};
testScript = ''

141
doc/build-helpers/trivial-build-helpers.chapter.md
View file

@ -66,15 +66,17 @@ runCommandWith :: {
# Invocation of `runCommandWith`
```nix
runCommandWith {
name = "example";
derivationArgs.nativeBuildInputs = [ cowsay ];
} ''
cowsay > $out <<EOMOO
'runCommandWith' is a bit cumbersome,
so we have more ergonomic wrappers.
EOMOO
''
runCommandWith
{
name = "example";
derivationArgs.nativeBuildInputs = [ cowsay ];
}
''
cowsay > $out <<EOMOO
'runCommandWith' is a bit cumbersome,
so we have more ergonomic wrappers.
EOMOO
''
```
:::
@ -118,7 +120,7 @@ While the type signature(s) differ from [`runCommandWith`], individual arguments
# Invocation of `runCommand`
```nix
runCommand "my-example" {} ''
runCommand "my-example" { } ''
echo My example command is running
mkdir $out
@ -238,7 +240,7 @@ The following fields are either required, are of a different type than in the sp
Write a desktop file `/nix/store/<store path>/my-program.desktop` to the Nix store.
```nix
{makeDesktopItem}:
{ makeDesktopItem }:
makeDesktopItem {
name = "my-program";
desktopName = "My Program";
@ -260,7 +262,10 @@ makeDesktopItem {
mimeTypes = [ "video/mp4" ];
categories = [ "Utility" ];
implements = [ "org.my-program" ];
keywords = [ "Video" "Player" ];
keywords = [
"Video"
"Player"
];
startupNotify = false;
startupWMClass = "MyProgram";
prefersNonDefaultGPU = false;
@ -276,18 +281,22 @@ makeDesktopItem {
Override the `hello` package to add a desktop item.
```nix
{ copyDesktopItems
, hello
, makeDesktopItem }:
{
copyDesktopItems,
hello,
makeDesktopItem,
}:
hello.overrideAttrs {
nativeBuildInputs = [ copyDesktopItems ];
desktopItems = [(makeDesktopItem {
name = "hello";
desktopName = "Hello";
exec = "hello";
})];
desktopItems = [
(makeDesktopItem {
name = "hello";
desktopName = "Hello";
exec = "hello";
})
];
}
```
@ -446,10 +455,9 @@ The store path will include the name, and it will be a file.
Write the string `Contents of File` to `/nix/store/<store path>`:
```nix
writeText "my-file"
''
writeText "my-file" ''
Contents of File
''
''
```
:::
@ -486,10 +494,9 @@ The store path will be a directory.
Write the string `Contents of File` to `/nix/store/<store path>/share/my-file`:
```nix
writeTextDir "share/my-file"
''
writeTextDir "share/my-file" ''
Contents of File
''
''
```
:::
@ -528,10 +535,9 @@ The store path will include the name, and it will be a file.
Write the string `Contents of File` to `/nix/store/<store path>` and make the file executable.
```nix
writeScript "my-file"
''
writeScript "my-file" ''
Contents of File
''
''
```
This is equivalent to:
@ -570,10 +576,9 @@ The store path will include the name, and it will be a directory.
# Usage of `writeScriptBin`
```nix
writeScriptBin "my-script"
''
writeScriptBin "my-script" ''
echo "hi"
''
''
```
:::
@ -614,10 +619,9 @@ This function is almost exactly like [](#trivial-builder-writeScript), except th
# Usage of `writeShellScript`
```nix
writeShellScript "my-script"
''
writeShellScript "my-script" ''
echo "hi"
''
''
```
:::
@ -657,10 +661,9 @@ This function is a combination of [](#trivial-builder-writeShellScript) and [](#
# Usage of `writeShellScriptBin`
```nix
writeShellScriptBin "my-script"
''
writeShellScriptBin "my-script" ''
echo "hi"
''
''
```
:::
@ -685,26 +688,40 @@ These functions concatenate `files` to the Nix store in a single file. This is u
Here are a few examples:
```nix
# Writes my-file to /nix/store/<store path>
concatTextFile {
name = "my-file";
files = [ drv1 "${drv2}/path/to/file" ];
}
# See also the `concatText` helper function below.
concatTextFile
{
name = "my-file";
files = [
drv1
"${drv2}/path/to/file"
];
}
# See also the `concatText` helper function below.
# Writes executable my-file to /nix/store/<store path>/bin/my-file
concatTextFile {
name = "my-file";
files = [ drv1 "${drv2}/path/to/file" ];
executable = true;
destination = "/bin/my-file";
}
# Writes contents of files to /nix/store/<store path>
concatText "my-file" [ file1 file2 ]
# Writes executable my-file to /nix/store/<store path>/bin/my-file
concatTextFile
{
name = "my-file";
files = [
drv1
"${drv2}/path/to/file"
];
executable = true;
destination = "/bin/my-file";
}
# Writes contents of files to /nix/store/<store path>
concatText
"my-file"
[ file1 file2 ]
# Writes contents of files to /nix/store/<store path>
concatScript "my-file" [ file1 file2 ]
# Writes contents of files to /nix/store/<store path>
concatScript
"my-file"
[
file1
file2
]
```
## `writeShellApplication` {#trivial-builder-writeShellApplication}
@ -722,7 +739,10 @@ For example, the following shell application can refer to `curl` directly, rathe
writeShellApplication {
name = "show-nixos-org";
runtimeInputs = [ curl w3m ];
runtimeInputs = [
curl
w3m
];
text = ''
curl -s 'https://nixos.org' | w3m -dump -T text/html
@ -736,7 +756,14 @@ This can be used to put many derivations into the same directory structure. It w
Here is an example:
```nix
# adds symlinks of hello and stack to current build and prints "links added"
symlinkJoin { name = "myexample"; paths = [ pkgs.hello pkgs.stack ]; postBuild = "echo links added"; }
symlinkJoin {
name = "myexample";
paths = [
pkgs.hello
pkgs.stack
];
postBuild = "echo links added";
}
```
This creates a derivation with a directory structure like the following:
```

28
doc/doc-support/package.nix
View file

@ -12,8 +12,10 @@
nixos-render-docs-redirects,
writeShellScriptBin,
nixpkgs ? { },
markdown-code-runner,
roboto,
treefmt,
}:
stdenvNoCC.mkDerivation (
finalAttrs:
let
@ -45,9 +47,13 @@ stdenvNoCC.mkDerivation (
postPatch = ''
ln -s ${optionsJSON}/share/doc/nixos/options.json ./config-options.json
ln -s ${treefmt.functionsDoc.markdown} ./packages/treefmt-functions.section.md
ln -s ${treefmt.optionsDoc.optionsJSON}/share/doc/nixos/options.json ./treefmt-options.json
'';
buildPhase = ''
runHook preBuild
substituteInPlace ./languages-frameworks/python.section.md \
--subst-var-by python-interpreter-table "$(<"${pythonInterpreterTable}")"
@ -83,19 +89,27 @@ stdenvNoCC.mkDerivation (
--section-toc-depth 1 \
manual.md \
out/index.html
runHook postBuild
'';
installPhase = ''
runHook preInstall
dest="$out/share/doc/nixpkgs"
mkdir -p "$(dirname "$dest")"
mv out "$dest"
mv "$dest/index.html" "$dest/manual.html"
cp "$dest/index.html" "$dest/manual.html"
cp ${roboto.src}/web/Roboto\[ital\,wdth\,wght\].ttf "$dest/Roboto.ttf"
cp ${epub} "$dest/nixpkgs-manual.epub"
mkdir -p $out/nix-support/
echo "doc manual $dest manual.html" >> $out/nix-support/hydra-build-products
echo "doc manual $dest index.html" >> $out/nix-support/hydra-build-products
echo "doc manual $dest nixpkgs-manual.epub" >> $out/nix-support/hydra-build-products
runHook postInstall
'';
passthru = {
@ -111,7 +125,7 @@ stdenvNoCC.mkDerivation (
let
devmode' = devmode.override {
buildArgs = toString ../.;
open = "/share/doc/nixpkgs/manual.html";
open = "/share/doc/nixpkgs/index.html";
};
nixos-render-docs-redirects' = writeShellScriptBin "redirects" "${lib.getExe nixos-render-docs-redirects} --file ${toString ../redirects.json} $@";
in
@ -119,10 +133,14 @@ stdenvNoCC.mkDerivation (
packages = [
devmode'
nixos-render-docs-redirects'
markdown-code-runner
];
};
tests.manpage-urls = callPackage ../tests/manpage-urls.nix { };
tests = {
manpage-urls = callPackage ../tests/manpage-urls.nix { };
check-nix-code-blocks = callPackage ../tests/check-nix-code-blocks.nix { };
};
};
}
)

18
doc/functions/generators.section.md
View file

@ -13,17 +13,23 @@ let
# specifies how to format a key/value pair
mkKeyValue = generators.mkKeyValueDefault {
# specifies the generated string for a subset of nix values
mkValueString = v:
if v == true then ''"yes"''
else if v == false then ''"no"''
else if isString v then ''"${v}"''
mkValueString =
v:
if v == true then
''"yes"''
else if v == false then
''"no"''
else if isString v then
''"${v}"''
# and delegates all other values to the default generator
else generators.mkValueStringDefault {} v;
else
generators.mkValueStringDefault { } v;
} ":";
};
in
# the INI file can now be given as plain old nix values
in customToINI {
customToINI {
main = {
pushinfo = true;
autopush = false;

23
doc/functions/nix-gitignore.section.md
View file

@ -7,20 +7,23 @@
`pkgs.nix-gitignore` exports a number of functions, but you'll most likely need either `gitignoreSource` or `gitignoreSourcePure`. As their first argument, they both accept either 1. a file with gitignore lines or 2. a string with gitignore lines, or 3. a list of either of the two. They will be concatenated into a single big string.
```nix
{ pkgs ? import <nixpkgs> {} }: {
{
pkgs ? import <nixpkgs> { },
}:
{
src = nix-gitignore.gitignoreSource [] ./source;
# Simplest version
src = nix-gitignore.gitignoreSource [ ] ./source;
# Simplest version
src = nix-gitignore.gitignoreSource "supplemental-ignores\n" ./source;
# This one reads the ./source/.gitignore and concats the auxiliary ignores
src = nix-gitignore.gitignoreSource "supplemental-ignores\n" ./source;
# This one reads the ./source/.gitignore and concats the auxiliary ignores
src = nix-gitignore.gitignoreSourcePure "ignore-this\nignore-that\n" ./source;
# Use this string as gitignore, don't read ./source/.gitignore.
src = nix-gitignore.gitignoreSourcePure "ignore-this\nignore-that\n" ./source;
# Use this string as gitignore, don't read ./source/.gitignore.
src = nix-gitignore.gitignoreSourcePure ["ignore-this\nignore-that\n" ~/.gitignore] ./source;
# It also accepts a list (of strings and paths) that will be concatenated
# once the paths are turned to strings via readFile.
src = nix-gitignore.gitignoreSourcePure [ "ignore-this\nignore-that\n" ~/.gitignore ] ./source;
# It also accepts a list (of strings and paths) that will be concatenated
# once the paths are turned to strings via readFile.
}
```

3
doc/functions/prefer-remote-fetch.section.md
View file

@ -3,8 +3,7 @@
`prefer-remote-fetch` is an overlay that download sources on remote builder. This is useful when the evaluating machine has a slow upload while the builder can fetch faster directly from the source. To use it, put the following snippet as a new overlay:
```nix
self: super:
(super.prefer-remote-fetch self super)
self: super: (super.prefer-remote-fetch self super)
```
A full configuration example for that sets the overlay up for your own account, could look like this

17
doc/hooks/autopatchcil.section.md Normal file
View file

@ -0,0 +1,17 @@
# autoPatchcilHook {#setup-hook-autopatchcilhook}
This is a special setup hook which helps in packaging .NET assemblies/programs in that it automatically tries to find missing shared library dependencies of .NET assemblies based on the given `buildInputs` and `nativeBuildInputs`.
As the hook needs information for the host where the package will be run on, there's a required environment variable called `autoPatchcilRuntimeId` which should be filled in with the RID (Runtime Identifier) of the machine where the output will be run on. If you're using `buildDotnetModule`, it will fall back to `dotnetRuntimeIds` (which is set to `lib.singleton (if runtimeId != null then runtimeId else systemToDotnetRid stdenvNoCC.hostPlatform.system)`) for you if not provided.
In certain situations you may want to run the main command (`autoPatchcil`) of the setup hook on a file or a set of directories instead of unconditionally patching all outputs. This can be done by setting the `dontAutoPatchcil` environment variable to a non-empty value.
By default, `autoPatchcil` will fail as soon as any .NET assembly requires a dependency which cannot be resolved via the given build inputs. In some situations you might prefer to just leave missing dependencies unpatched and continue to patch the rest. This can be achieved by setting the `autoPatchcilIgnoreMissingDeps` environment variable to a non-empty value. `autoPatchcilIgnoreMissingDeps` can be set to a list like `autoPatchcilIgnoreMissingDeps = [ "libcuda.so.1" "libcudart.so.1" ];` or to `[ "*" ]` to ignore all missing dependencies.
The `autoPatchcil` command requires the `--rid` command line flag, informing the RID (Runtime Identifier) it should assume the assemblies will be executed on, and also recognizes a `--no-recurse` command line flag, which prevents it from recursing into subdirectories.
::: {.note}
Since, unlike most native binaries, .NET assemblies are compiled once to run on any platform, many assemblies may have PInvoke stubs for libraries that might not be available on the platform that the package will effectively run on. A few examples are assemblies that call native Windows APIs through PInvoke targeting `kernel32`, `gdi32`, `user32`, `shell32` or `ntdll`.
`autoPatchcil` does its best to ignore dependencies from other platforms by checking the requested file extensions, however not all PInvoke stubs provide an extension so in those cases it will be necessary to list those in `autoPatchcilIgnoreMissingDeps` manually.
:::

18
doc/hooks/cmake.section.md
View file

@ -33,3 +33,21 @@ The default value is `build`.
#### `dontUseCmakeConfigure` {#dont-use-cmake-configure}
When set to true, don't use the predefined `cmakeConfigurePhase`.
## Controlling CTest invocation {#cmake-ctest}
By default tests are run by make in [`checkPhase`](#ssec-check-phase) or by [ninja](#ninja) if `ninja` is
available in `nativeBuildInputs`. Makefile and Ninja generators produce the `test` target, which invokes `ctest` under the hood.
This makes passing additional arguments to `ctest` difficult, so it's possible to invoke it directly in `checkPhase`
by adding `ctestCheckHook` to `nativeCheckInputs`.
### CTest Variables {#cmake-ctest-variables}
#### `disabledTests` {#cmake-ctest-disabled-tests}
Allows to disable running a list of tests. Note that regular expressions are not supported by `disabledTests`, but
it can be combined with `--exclude-regex` option.
#### `ctestFlags` {#cmake-ctest-flags}
Additional options passed to `ctest` together with `checkFlags`.

1
doc/hooks/index.md
View file

@ -7,6 +7,7 @@ The stdenv built-in hooks are documented in [](#ssec-setup-hooks).
```{=include=} sections
autoconf.section.md
automake.section.md
autopatchcil.section.md
autopatchelf.section.md
aws-c-common.section.md
bmake.section.md

19
doc/hooks/installShellFiles.section.md
View file

@ -99,17 +99,12 @@ failure. To prevent this, guard the completion generation commands.
```nix
{
nativeBuildInputs = [ installShellFiles ];
postInstall = lib.optionalString (stdenv.hostPlatform.emulatorAvailable buildPackages) (
let
emulator = stdenv.hostPlatform.emulator buildPackages;
in
''
# using named fd
installShellCompletion --cmd foobar \
--bash <(${emulator} $out/bin/foobar --bash-completion) \
--fish <(${emulator} $out/bin/foobar --fish-completion) \
--zsh <(${emulator} $out/bin/foobar --zsh-completion)
''
);
postInstall = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''
# using named fd
installShellCompletion --cmd foobar \
--bash <($out/bin/foobar --bash-completion) \
--fish <($out/bin/foobar --fish-completion) \
--zsh <($out/bin/foobar --zsh-completion)
'';
}
```

55
doc/hooks/memcached-test-hook.section.md Normal file
View file

@ -0,0 +1,55 @@
# `memcachedTestHook` {#sec-memcachedTestHook}
This hook starts a Memcached server during `checkPhase`. Example:
```nix
{
stdenv,
memcachedTestHook,
}:
stdenv.mkDerivation {
# ...
nativeCheckInputs = [
memcachedTestHook
];
}
```
If you use a custom `checkPhase`, remember to add the `runHook` calls:
```nix
{
checkPhase = ''
runHook preCheck
# ... your tests
runHook postCheck
'';
}
```
## Variables {#sec-memcachedTestHook-variables}
Bash-only variables:
- `memcachedTestPort`: Port to use by Memcached. Defaults to `11211`
Example usage:
```nix
{ stdenv, memcachedTestHook }:
stdenv.mkDerivation {
# ...
nativeCheckInputs = [
memcachedTestHook
];
preCheck = ''
memcachedTestPort=1234;
'';
}

16
doc/hooks/mpi-check-hook.section.md
View file

@ -11,15 +11,15 @@ the neceesary environment variables to use
Example:
```nix
{ mpiCheckPhaseHook, mpi, ... }:
{
# ...
{ mpiCheckPhaseHook, mpi, ... }:
{
# ...
nativeCheckInputs = [
openssh
mpiCheckPhaseHook
];
}
nativeCheckInputs = [
openssh
mpiCheckPhaseHook
];
}
```

14
doc/hooks/patch-rc-path-hooks.section.md
View file

@ -29,7 +29,11 @@ Given a package `foo` containing an init script `this-foo.fish` that depends on
patch the init script for users to source without having the above dependencies in their `PATH`:
```nix
{ lib, stdenv, patchRcPathFish}:
{
lib,
stdenv,
patchRcPathFish,
}:
stdenv.mkDerivation {
# ...
@ -39,7 +43,13 @@ stdenv.mkDerivation {
];
postFixup = ''
patchRcPathFish $out/bin/this-foo.fish ${lib.makeBinPath [ coreutils man which ]}
patchRcPathFish $out/bin/this-foo.fish ${
lib.makeBinPath [
coreutils
man
which
]
}
'';
}
```

16
doc/hooks/postgresql-test-hook.section.md
View file

@ -4,7 +4,11 @@
This hook starts a PostgreSQL server during the `checkPhase`. Example:
```nix
{ stdenv, postgresql, postgresqlTestHook }:
{
stdenv,
postgresql,
postgresqlTestHook,
}:
stdenv.mkDerivation {
# ...
@ -18,13 +22,13 @@ stdenv.mkDerivation {
If you use a custom `checkPhase`, remember to add the `runHook` calls:
```nix
checkPhase ''
runHook preCheck
checkPhase ''
runHook preCheck
# ... your tests
# ... your tests
runHook postCheck
''
runHook postCheck
''
```
## Variables {#sec-postgresqlTestHook-variables}

67
doc/hooks/redis-test-hook.section.md Normal file
View file

@ -0,0 +1,67 @@
# `redisTestHook` {#sec-redisTestHook}
This hook starts a Redis server during `checkPhase`. Example:
```nix
{
stdenv,
redis,
redisTestHook,
}:
stdenv.mkDerivation {
# ...
nativeCheckInputs = [
redisTestHook
];
}
```
If you use a custom `checkPhase`, remember to add the `runHook` calls:
```nix
{
checkPhase = ''
runHook preCheck
# ... your tests
runHook postCheck
'';
}
```
## Variables {#sec-redisTestHook-variables}
The hook logic will read the following variables and set them to a default value if unset or empty.
Exported variables:
- `REDIS_SOCKET`: UNIX domain socket path
Bash-only variables:
- `redisTestPort`: Port to use by Redis. Defaults to `6379`
Example usage:
```nix
{
stdenv,
redis,
redisTestHook,
}:
stdenv.mkDerivation {
# ...
nativeCheckInputs = [
redisTestHook
];
preCheck = ''
redisTestPort=6390;
'';
}
```

47
doc/hooks/tauri.section.md
View file

@ -23,46 +23,47 @@ In Nixpkgs, `cargo-tauri.hook` overrides the default build and install phases.
wrapGAppsHook4,
}:
rustPlatform.buildRustPackage rec {
# . . .
rustPlatform.buildRustPackage (finalAttrs: {
# ...
useFetchCargoVendor = true;
cargoHash = "...";
# Assuming our app's frontend uses `npm` as a package manager
npmDeps = fetchNpmDeps {
name = "${pname}-npm-deps-${version}";
inherit src;
name = "${finalAttrs.pname}-${finalAttrs.version}-npm-deps";
inherit (finalAttrs) src;
hash = "...";
};
nativeBuildInputs = [
# Pull in our main hook
cargo-tauri.hook
nativeBuildInputs =
[
# Pull in our main hook
cargo-tauri.hook
# Setup npm
nodejs
npmHooks.npmConfigHook
# Setup npm
nodejs
npmHooks.npmConfigHook
# Make sure we can find our libraries
pkg-config
wrapGAppsHook4
];
buildInputs =
[ openssl ]
# Make sure we can find our libraries
pkg-config
]
++ lib.optionals stdenv.hostPlatform.isLinux [
glib-networking # Most Tauri apps need networking
webkitgtk_4_1
wrapGAppsHook4
];
buildInputs = lib.optionals stdenv.hostPlatform.isLinux [
glib-networking # Most Tauri apps need networking
openssl
webkitgtk_4_1
];
# Set our Tauri source directory
cargoRoot = "src-tauri";
# And make sure we build there too
buildAndTestSubdir = cargoRoot;
buildAndTestSubdir = finalAttrs.cargoRoot;
# . . .
}
# ...
})
```
## Variables controlling cargo-tauri {#tauri-hook-variables-controlling}

2
doc/hooks/versionCheckHook.section.md
View file

@ -9,7 +9,7 @@ You use it like this:
lib,
stdenv,
versionCheckHook,
# ...
# ...
}:
stdenv.mkDerivation (finalAttrs: {

2
doc/hooks/waf.section.md
View file

@ -14,7 +14,7 @@ The variables below are exclusive of `wafHook`.
Location of the `waf` tool. It defaults to `./waf`, to honor software projects that include it directly inside their source trees.
If `wafPath` doesn't exist, then `wafHook` will copy the `waf` provided from Nixpkgs to it.
If the file pointed by `wafPath` doesn't exist, then `waf` provided by Nixpkgs will be used.
#### `wafFlags` {#waf-flags}

7
doc/hooks/zig.section.md
View file

@ -7,9 +7,10 @@ In Nixpkgs, `zig.hook` overrides the default build, check and install phases.
## Example code snippet {#zig-hook-example-code-snippet}
```nix
{ lib
, stdenv
, zig
{
lib,
stdenv,
zig,
}:
stdenv.mkDerivation {

16
doc/interoperability/cyclonedx.md
View file

@ -63,17 +63,27 @@ For example, the `fetchFromGitHub` is commonly used within Nixpkgs but should be
`nix:fod` properties may be extracted and evaluated to a derivation using code similar to the following, assuming a fictitious function `filterPropertiesToAttrs`:
```nix
{ pkgs, filterPropertiesToAttrs, properties }:
{
pkgs,
filterPropertiesToAttrs,
properties,
}:
let
fodProps = filterPropertiesToAttrs "nix:fod:" properties;
methods = {
fetchzip =
{ name, url, sha256, ... }:
{
name,
url,
sha256,
...
}:
pkgs.fetchzip {
inherit name url sha256;
};
};
in methods.${fodProps.method} fodProps
in
methods.${fodProps.method} fodProps
```

24
doc/languages-frameworks/agda.section.md
View file

@ -48,7 +48,7 @@ You can also reference a GitHub repository
agda.withPackages (p: [
(p.standard-library.overrideAttrs (oldAttrs: {
version = "1.5";
src = fetchFromGitHub {
src = fetchFromGitHub {
repo = "agda-stdlib";
owner = "agda";
rev = "v1.5";
@ -114,7 +114,9 @@ This can be overridden by a different version of `ghc` as follows:
```nix
agda.withPackages {
pkgs = [ /* ... */ ];
pkgs = [
# ...
];
ghc = haskell.compiler.ghcHEAD;
}
```
@ -132,8 +134,10 @@ A derivation can then be written using `agdaPackages.mkDerivation`. This has sim
Here is an example `default.nix`
```nix
{ nixpkgs ? <nixpkgs> }:
with (import nixpkgs {});
{
nixpkgs ? <nixpkgs>,
}:
with (import nixpkgs { });
agdaPackages.mkDerivation {
version = "1.0";
pname = "my-agda-lib";
@ -179,8 +183,12 @@ the Agda package set is small and can (still) be maintained by hand.
To add an Agda package to `nixpkgs`, the derivation should be written to `pkgs/development/libraries/agda/${library-name}/` and an entry should be added to `pkgs/top-level/agda-packages.nix`. Here it is called in a scope with access to all other Agda libraries, so the top line of the `default.nix` can look like:
```nix
{ mkDerivation, standard-library, fetchFromGitHub }:
{}
{
mkDerivation,
standard-library,
fetchFromGitHub,
}:
{ }
```
Note that the derivation function is called with `mkDerivation` set to `agdaPackages.mkDerivation`, therefore you
@ -200,8 +208,12 @@ mkDerivation {
libraryName = "IAL-1.3";
buildPhase = ''
runHook preBuild
patchShebangs find-deps.sh
make
runHook postBuild
'';
}
```

50
doc/languages-frameworks/android.section.md
View file

@ -8,23 +8,31 @@ supporting features.
Use the `android-studio-full` attribute for a very complete Android SDK, including system images:
```nix
buildInputs = [ android-studio-full ];
{
buildInputs = [ android-studio-full ];
}
```
This is identical to:
```nix
buildInputs = [ androidStudioPackages.stable.full ];
{
buildInputs = [ androidStudioPackages.stable.full ];
}
```
Alternatively, you can pass composeAndroidPackages to the `withSdk` passthru:
```nix
buildInputs = [
(android-studio.withSdk (androidenv.composeAndroidPackages {
includeNDK = true;
}).androidsdk)
];
{
buildInputs = [
(android-studio.withSdk
(androidenv.composeAndroidPackages {
includeNDK = true;
}).androidsdk
)
];
}
```
These will export `ANDROID_SDK_ROOT` and `ANDROID_NDK_ROOT` to the SDK and NDK directories
@ -35,13 +43,20 @@ in the specified Android build environment.
Alternatively, you can deploy the SDK separately with a desired set of plugins, or subsets of an SDK.
```nix
with import <nixpkgs> {};
with import <nixpkgs> { };
let
androidComposition = androidenv.composeAndroidPackages {
platformVersions = [ "34" "35" ];
platformVersions = [
"34"
"35"
"latest"
];
systemImageTypes = [ "google_apis_playstore" ];
abiVersions = [ "armeabi-v7a" "arm64-v8a" ];
abiVersions = [
"armeabi-v7a"
"arm64-v8a"
];
includeNDK = true;
includeExtras = [
"extras;google;auto"
@ -116,7 +131,8 @@ For each requested system image we can specify the following options:
be included. Defaults to `armeabi-v7a` and `arm64-v8a`.
Most of the function arguments have reasonable default settings, preferring the latest
versions of tools when possible.
versions of tools when possible. You can additionally specify "latest" for any plugin version
that you do not care about, and just want the latest of.
You can specify license names:
@ -165,7 +181,7 @@ We can also deploy subsets of the Android SDK. For example, to only the
`platform-tools` package, you can evaluate the following expression:
```nix
with import <nixpkgs> {};
with import <nixpkgs> { };
let
androidComposition = androidenv.composeAndroidPackages {
@ -183,7 +199,7 @@ to use a predefined composition that contains a fairly complete set of Android p
The following Nix expression can be used to deploy the entire SDK:
```nix
with import <nixpkgs> {};
with import <nixpkgs> { };
androidenv.androidPkgs.androidsdk
```
@ -191,7 +207,7 @@ androidenv.androidPkgs.androidsdk
It is also possible to use one plugin only:
```nix
with import <nixpkgs> {};
with import <nixpkgs> { };
androidenv.androidPkgs.platform-tools
```
@ -205,7 +221,7 @@ An emulator spawn script can be configured by invoking the `emulateApp {}`
function:
```nix
with import <nixpkgs> {};
with import <nixpkgs> { };
androidenv.emulateApp {
name = "emulate-MyAndroidApp";
@ -221,7 +237,7 @@ It is also possible to specify an APK to deploy inside the emulator
and the package and activity names to launch it:
```nix
with import <nixpkgs> {};
with import <nixpkgs> { };
androidenv.emulateApp {
name = "emulate-MyAndroidApp";
@ -344,7 +360,7 @@ requires. Most newer Android projects use Gradle, and this is included for histo
purposes.
```nix
with import <nixpkgs> {};
with import <nixpkgs> { };
androidenv.buildApp {
name = "MyAndroidApp";

8
doc/languages-frameworks/astal.section.md
View file

@ -11,7 +11,9 @@ ags.bundle {
pname = "hyprpanel";
version = "1.0.0";
src = fetchFromGitHub { ... };
src = fetchFromGitHub {
#...
};
# change your entry file (default is `app.ts`)
entry = "app.ts";
@ -32,7 +34,9 @@ ags.bundle {
# GTK 4 support is opt-in
enableGtk4 = true;
meta = { ... };
meta = {
#...
};
}
```

91
doc/languages-frameworks/beam.section.md
View file

@ -60,7 +60,10 @@ $ nix-shell -p beamPackages.rebar3
```nix
let
pkgs = import <nixpkgs> { config = {}; overlays = []; };
pkgs = import <nixpkgs> {
config = { };
overlays = [ ];
};
in
pkgs.mkShell {
packages = [ pkgs.beamPackages.rebar3 ];
@ -120,26 +123,28 @@ If there are git dependencies.
{
mixNixDeps = import ./mix.nix {
inherit beamPackages lib;
overrides = (final: prev: {
# mix2nix does not support git dependencies yet,
# so we need to add them manually
prometheus_ex = beamPackages.buildMix rec {
name = "prometheus_ex";
version = "3.0.5";
overrides = (
final: prev: {
# mix2nix does not support git dependencies yet,
# so we need to add them manually
prometheus_ex = beamPackages.buildMix rec {
name = "prometheus_ex";
version = "3.0.5";
# Change the argument src with the git src that you actually need
src = fetchFromGitLab {
domain = "git.pleroma.social";
group = "pleroma";
owner = "elixir-libraries";
repo = "prometheus.ex";
rev = "a4e9beb3c1c479d14b352fd9d6dd7b1f6d7deee5";
hash = "sha256-U17LlN6aGUKUFnT4XyYXppRN+TvUBIBRHEUsfeIiGOw=";
# Change the argument src with the git src that you actually need
src = fetchFromGitLab {
domain = "git.pleroma.social";
group = "pleroma";
owner = "elixir-libraries";
repo = "prometheus.ex";
rev = "a4e9beb3c1c479d14b352fd9d6dd7b1f6d7deee5";
hash = "sha256-U17LlN6aGUKUFnT4XyYXppRN+TvUBIBRHEUsfeIiGOw=";
};
# you can re-use the same beamDeps argument as generated
beamDeps = with final; [ prometheus ];
};
# you can re-use the same beamDeps argument as generated
beamDeps = with final; [ prometheus ];
};
});
}
);
};
}
```
@ -195,15 +200,21 @@ let
hash = lib.fakeHash;
mixEnv = ""; # default is "prod", when empty includes all dependencies, such as "dev", "test".
# if you have build time environment variables add them here
MY_ENV_VAR="my_value";
MY_ENV_VAR = "my_value";
};
nodeDependencies = (pkgs.callPackage ./assets/default.nix { }).shell.nodeDependencies;
in packages.mixRelease {
inherit src pname version mixFodDeps;
in
packages.mixRelease {
inherit
src
pname
version
mixFodDeps
;
# if you have build time environment variables add them here
MY_ENV_VAR="my_value";
MY_ENV_VAR = "my_value";
postBuild = ''
ln -sf ${nodeDependencies}/lib/node_modules assets/node_modules
@ -231,7 +242,12 @@ In order to create a service with your release, you could add a `service.nix`
in your project with the following
```nix
{config, pkgs, lib, ...}:
{
config,
pkgs,
lib,
...
}:
let
release = pkgs.callPackage ./default.nix;
@ -241,10 +257,16 @@ in
{
systemd.services.${release_name} = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "postgresql.service" ];
after = [
"network.target"
"postgresql.service"
];
# note that if you are connecting to a postgres instance on a different host
# postgresql.service should not be included in the requires.
requires = [ "network-online.target" "postgresql.service" ];
requires = [
"network-online.target"
"postgresql.service"
];
description = "my app";
environment = {
# RELEASE_TMP is used to write the state of the
@ -292,7 +314,9 @@ in
Usually, we need to create a `shell.nix` file and do our development inside of the environment specified therein. Just install your version of Erlang and any other interpreters, and then use your normal build tools. As an example with Elixir:
```nix
{ pkgs ? import <nixpkgs> {} }:
{
pkgs ? import <nixpkgs> { },
}:
with pkgs;
let
@ -311,12 +335,14 @@ If you need to use an overlay to change some attributes of a derivation, e.g. if
```nix
let
elixir_1_18_1_overlay = (self: super: {
elixir_1_18_1_overlay = (
self: super: {
elixir_1_18 = super.elixir_1_18.override {
version = "1.18.1";
sha256 = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
};
});
}
);
pkgs = import <nixpkgs> { overlays = [ elixir_1_18_1_overlay ]; };
in
with pkgs;
@ -349,9 +375,7 @@ let
nodePackages.prettier
];
inputs = basePackages ++ lib.optionals stdenv.hostPlatform.isLinux [ inotify-tools ]
++ lib.optionals stdenv.hostPlatform.isDarwin
(with darwin.apple_sdk.frameworks; [ CoreFoundation CoreServices ]);
inputs = basePackages ++ lib.optionals stdenv.hostPlatform.isLinux [ inotify-tools ];
# define shell startup command
hooks = ''
@ -380,7 +404,8 @@ let
export ENV_VAR="your_env_var"
'';
in mkShell {
in
mkShell {
buildInputs = inputs;
shellHook = hooks;
}

34
doc/languages-frameworks/bower.section.md
View file

@ -24,11 +24,15 @@ Running `bower2nix` will produce something like the following output:
```nix
{ fetchbower, buildEnv }:
buildEnv { name = "bower-env"; ignoreCollisions = true; paths = [
(fetchbower "angular" "1.5.3" "~1.5.0" "1749xb0firxdra4rzadm4q9x90v6pzkbd7xmcyjk6qfza09ykk9y")
(fetchbower "bootstrap" "3.3.6" "~3.3.6" "1vvqlpbfcy0k5pncfjaiskj3y6scwifxygfqnw393sjfxiviwmbv")
(fetchbower "jquery" "2.2.2" "1.9.1 - 2" "10sp5h98sqwk90y4k6hbdviwqzvzwqf47r3r51pakch5ii2y7js1")
]; }
buildEnv {
name = "bower-env";
ignoreCollisions = true;
paths = [
(fetchbower "angular" "1.5.3" "~1.5.0" "1749xb0firxdra4rzadm4q9x90v6pzkbd7xmcyjk6qfza09ykk9y")
(fetchbower "bootstrap" "3.3.6" "~3.3.6" "1vvqlpbfcy0k5pncfjaiskj3y6scwifxygfqnw393sjfxiviwmbv")
(fetchbower "jquery" "2.2.2" "1.9.1 - 2" "10sp5h98sqwk90y4k6hbdviwqzvzwqf47r3r51pakch5ii2y7js1")
];
}
```
Using the `bower2nix` command line arguments, the output can be redirected to a file. A name like `bower-packages.nix` would be fine.
@ -80,8 +84,12 @@ gulp.task('build', [], function () {
### Example Full example — default.nix {#ex-buildBowerComponentsDefaultNix}
```nix
{ myWebApp ? { outPath = ./.; name = "myWebApp"; }
, pkgs ? import <nixpkgs> {}
{
myWebApp ? {
outPath = ./.;
name = "myWebApp";
},
pkgs ? import <nixpkgs> { },
}:
pkgs.stdenv.mkDerivation {
@ -90,16 +98,24 @@ pkgs.stdenv.mkDerivation {
buildInputs = [ pkgs.nodePackages.gulp ];
bowerComponents = pkgs.buildBowerComponents { # note 1
bowerComponents = pkgs.buildBowerComponents {
# note 1
name = "my-web-app";
generated = ./bower-packages.nix;
src = myWebApp;
};
nativeBuildInputs = [
writableTmpDirAsHomeHook # note 3
];
buildPhase = ''
runHook preBuild
cp --reflink=auto --no-preserve=mode -R $bowerComponents/bower_components . # note 2
export HOME=$PWD # note 3
${pkgs.nodePackages.gulp}/bin/gulp build # note 4
runHook postBuild
'';
installPhase = "mv gulpdist $out";

20
doc/languages-frameworks/chicken.section.md
View file

@ -60,19 +60,23 @@ all the other eggs:
```nix
let
myChickenPackages = pkgs.chickenPackages.overrideScope (self: super: {
myChickenPackages = pkgs.chickenPackages.overrideScope (
self: super: {
# The chicken package itself can be overridden to effect the whole ecosystem.
# chicken = super.chicken.overrideAttrs {
# src = ...
# };
chickenEggs = super.chickenEggs.overrideScope (eggself: eggsuper: {
srfi-180 = eggsuper.srfi-180.overrideAttrs {
# path to a local copy of srfi-180
src = <...>;
};
});
});
chickenEggs = super.chickenEggs.overrideScope (
eggself: eggsuper: {
srfi-180 = eggsuper.srfi-180.overrideAttrs {
# path to a local copy of srfi-180
src = <...>;
};
}
);
}
);
in
# Here, `myChickenPackages.chickenEggs.json-rpc`, which depends on `srfi-180` will use
# the local copy of `srfi-180`.

97
doc/languages-frameworks/coq.section.md
View file

@ -54,35 +54,78 @@ It also takes other standard `mkDerivation` attributes, they are added as such,
Here is a simple package example. It is a pure Coq library, thus it depends on Coq. It builds on the Mathematical Components library, thus it also takes some `mathcomp` derivations as `extraBuildInputs`.
```nix
{ lib, mkCoqDerivation, version ? null
, coq, mathcomp, mathcomp-finmap, mathcomp-bigenough }:
{
lib,
mkCoqDerivation,
version ? null,
coq,
mathcomp,
mathcomp-finmap,
mathcomp-bigenough,
}:
mkCoqDerivation {
/* namePrefix leads to e.g. `name = coq8.11-mathcomp1.11-multinomials-1.5.2` */
namePrefix = [ "coq" "mathcomp" ];
# namePrefix leads to e.g. `name = coq8.11-mathcomp1.11-multinomials-1.5.2`
namePrefix = [
"coq"
"mathcomp"
];
pname = "multinomials";
owner = "math-comp";
inherit version;
defaultVersion = with lib.versions; lib.switch [ coq.version mathcomp.version ] [
{ cases = [ (range "8.7" "8.12") (isEq "1.11") ]; out = "1.5.2"; }
{ cases = [ (range "8.7" "8.11") (range "1.8" "1.10") ]; out = "1.5.0"; }
{ cases = [ (range "8.7" "8.10") (range "1.8" "1.10") ]; out = "1.4"; }
{ cases = [ (isEq "8.6") (range "1.6" "1.7") ]; out = "1.1"; }
] null;
defaultVersion =
with lib.versions;
lib.switch
[ coq.version mathcomp.version ]
[
{
cases = [
(range "8.7" "8.12")
(isEq "1.11")
];
out = "1.5.2";
}
{
cases = [
(range "8.7" "8.11")
(range "1.8" "1.10")
];
out = "1.5.0";
}
{
cases = [
(range "8.7" "8.10")
(range "1.8" "1.10")
];
out = "1.4";
}
{
cases = [
(isEq "8.6")
(range "1.6" "1.7")
];
out = "1.1";
}
]
null;
release = {
"1.5.2".hash = "sha256-mjCx9XKa38Nz9E6wNK7YSqHdJ7YTua5fD3d6J4e7WpU=";
"1.5.1".hash = "sha256-Q8tm0y2FQAt2V1kZYkDlHWRia/lTvXAMVjdmzEV11I4=";
"1.5.0".hash = "sha256-HIK0f21G69oEW8JG46gSBde/Q2LR3GiBCv680gHbmRg=";
"1.5.0".rev = "1.5";
"1.4".hash = "sha256-F9g3MSIr3B6UZ3p8QWjz3/Jpw9sudJ+KRlvjiHSO024=";
"1.3".hash = "sha256-BPJTlAL0ETHvLMBslE0KFVt3DNoaGuMrHt2SBGyJe1A=";
"1.2".hash = "sha256-mHXBXSLYO4BN+jfN50y/+XCx0Qq5g4Ac2Y/qlsbgAdY=";
"1.1".hash = "sha256-ejAsMQbB/LtU9j+g160VdGXULrCe9s0gBWzyhKqmCuE=";
"1.0".hash = "sha256-tZTOltEBBKWciDxDMs/Ye4Jnq/33CANrHJ4FBMPtq+I=";
"1.5.0".rev = "1.5";
"1.4".hash = "sha256-F9g3MSIr3B6UZ3p8QWjz3/Jpw9sudJ+KRlvjiHSO024=";
"1.3".hash = "sha256-BPJTlAL0ETHvLMBslE0KFVt3DNoaGuMrHt2SBGyJe1A=";
"1.2".hash = "sha256-mHXBXSLYO4BN+jfN50y/+XCx0Qq5g4Ac2Y/qlsbgAdY=";
"1.1".hash = "sha256-ejAsMQbB/LtU9j+g160VdGXULrCe9s0gBWzyhKqmCuE=";
"1.0".hash = "sha256-tZTOltEBBKWciDxDMs/Ye4Jnq/33CANrHJ4FBMPtq+I=";
};
propagatedBuildInputs =
[ mathcomp.ssreflect mathcomp.algebra mathcomp-finmap mathcomp-bigenough ];
propagatedBuildInputs = [
mathcomp.ssreflect
mathcomp.algebra
mathcomp-finmap
mathcomp-bigenough
];
meta = {
description = "Coq/SSReflect Library for Monoidal Rings and Multinomials";
@ -124,12 +167,10 @@ The `overrideCoqDerivation` function lets you easily change arguments to `mkCoqD
For example, here is how you could locally add a new release of the `multinomials` library, and set the `defaultVersion` to use this release:
```nix
coqPackages.lib.overrideCoqDerivation
{
defaultVersion = "2.0";
release."2.0".hash = "sha256-czoP11rtrIM7+OLdMisv2EF7n/IbGuwFxHiPtg3qCNM=";
}
coqPackages.multinomials
coqPackages.lib.overrideCoqDerivation {
defaultVersion = "2.0";
release."2.0".hash = "sha256-czoP11rtrIM7+OLdMisv2EF7n/IbGuwFxHiPtg3qCNM=";
} coqPackages.multinomials
```
### `.overrideAttrs` {#coq-overrideAttrs}
@ -140,8 +181,10 @@ For instance, here is how you could add some code to be performed in the derivat
```nix
coqPackages.multinomials.overrideAttrs (oldAttrs: {
postInstall = oldAttrs.postInstall or "" + ''
echo "you can do anything you want here"
'';
postInstall =
oldAttrs.postInstall or ""
+ ''
echo "you can do anything you want here"
'';
})
```

9
doc/languages-frameworks/crystal.section.md
View file

@ -18,7 +18,7 @@ This should have generated a `shards.nix` file.
Next create a Nix file for your derivation and use `pkgs.crystal.buildCrystalPackage` as follows:
```nix
with import <nixpkgs> {};
with import <nixpkgs> { };
crystal.buildCrystalPackage rec {
pname = "mint";
version = "0.5.0";
@ -51,14 +51,17 @@ Additionally you can override the default `crystal build` options (which are cur
```nix
{
crystalBinaries.mint.options = [ "--release" "--verbose" ];
crystalBinaries.mint.options = [
"--release"
"--verbose"
];
}
```
Depending on the project, you might need additional steps to get it to compile successfully. In Mint's case, we need to link against openssl, so in the end the Nix file looks as follows:
```nix
with import <nixpkgs> {};
with import <nixpkgs> { };
crystal.buildCrystalPackage rec {
version = "0.5.0";
pname = "mint";

26
doc/languages-frameworks/cuda.section.md
View file

@ -12,11 +12,13 @@ compatible are available as well. For example, there can be a
To use one or more CUDA packages in an expression, give the expression a `cudaPackages` parameter, and in case CUDA is optional
```nix
{ config
, cudaSupport ? config.cudaSupport
, cudaPackages ? { }
, ...
}: {}
{
config,
cudaSupport ? config.cudaSupport,
cudaPackages ? { },
...
}:
{ }
```
When using `callPackage`, you can choose to pass in a different variant, e.g.
@ -32,11 +34,15 @@ package set to make it the default. This guarantees you get a consistent package
set.
```nix
{
mypkg = let
cudaPackages = cudaPackages_11_5.overrideScope (final: prev: {
cudnn = prev.cudnn_8_3;
});
in callPackage { inherit cudaPackages; };
mypkg =
let
cudaPackages = cudaPackages_11_5.overrideScope (
final: prev: {
cudnn = prev.cudnn_8_3;
}
);
in
callPackage { inherit cudaPackages; };
}
```

Some files were not shown because too many files have changed in this diff Show more