nixpkgs/ci/github-script
Wolfgang Walther f7d6d11e8e
workflows/check: don't check github api for owners file
This removes the "owners" check from codeowners-validator. With it, all
tokens and permissions can be removed, because these were only needed to
make these requests.

This solves the problem of codeowners-validator not supporting our new
nested team structure for nixpkgs-maintainers. To make the onboarding of
new teams easier, we moved all teams "under" the nixpkgs-maintainers
team. This makes them inherit the right privileges (triage) for Nixpkgs.

However, this inheritance is not recognized by codeowners-validator,
thus it assumes that these teams don't have access to Nixpkgs. This then
fails the owners check immediately.

Removing the owners check also has a few other advantages:
- This check depends on external state: If a user is renamed or a team
  removed, the check will fail. This makes it a bad check for required
  status checks or merge queues - the check might fail randomly,
  independent of the current PR.
- Running this check in a fork will never work, because the respective
  users and teams don't have access to the fork's repo.

Both of these required us to set `continue-on-error: true` most of the
time.
2025-09-28 18:22:01 +02:00
.editorconfig ci/github-script: default to commonjs 2025-07-14 10:35:18 +02:00
.gitignore ci/github-script/commits: init from ci/check-cherry-picks 2025-07-16 11:50:13 +02:00
.npmrc ci/github-script: use real @actions/core 2025-07-15 15:09:02 +02:00
commits.js ci/github-script/commits: split review function into separate file 2025-08-24 12:14:54 +02:00
labels.js ci/github-script/labels: don't add stale if issue was mentioned 2025-09-15 02:07:27 -06:00
package-lock.json ci/github-script: use real @actions/core 2025-07-15 15:09:02 +02:00
package.json ci/github-script: use real @actions/core 2025-07-15 15:09:02 +02:00
prepare.js workflows/check: don't check github api for owners file 2025-09-28 18:22:01 +02:00
README.md ci/github-script/commits: init from ci/check-cherry-picks 2025-07-16 11:50:13 +02:00
reviews.js ci,workflows: deal with ghost reviews 2025-08-25 15:17:01 +02:00
run ci/github-script: fix run script 2025-08-26 13:52:25 +02:00
shell.nix ci/github-script: add gh dependency to dev shell 2025-07-15 12:19:41 +02:00
withRateLimit.js ci: apply unsafe fixes with biome 2025-08-20 15:41:28 +02:00

GitHub specific CI scripts

This folder contains actions/github-script-based JavaScript code. It provides a nix-shell environment to run and test these actions locally.

To run any of the scripts locally:

  • Enter nix-shell in ./ci/github-script.
  • Ensure gh is authenticated.

Check commits

Run ./run commits OWNER REPO PR, where OWNER is your username or "NixOS", REPO is the name of your fork or "nixpkgs" and PR is the number of the pull request to check.

Labeler

Run ./run labels OWNER REPO, where OWNER is your username or "NixOS" and REPO the name of your fork or "nixpkgs".