mirror of
https://github.com/NixOS/nixpkgs.git
synced 2026-07-06 17:13:24 -05:00
The performance comparison summary previously stated it compared against
"its pull request base branch (e.g., 'master')" regardless of the actual
base branch.
Plumb the base branch classification computed in prepare.js through the
eval workflow to the `compare` derivation so the summary names the real
base branch (e.g. "staging-25.11"). The local `eval.full` helper defaults
to "master", matching its touched-files convention.
Assisted-by: claude-code with claude-opus-4-8[1m]-high
(cherry picked from commit a100d091a0)
146 lines
5.2 KiB
YAML
146 lines
5.2 KiB
YAML
name: Merge Group
|
|
|
|
on:
|
|
merge_group:
|
|
workflow_call:
|
|
inputs:
|
|
artifact-prefix:
|
|
required: true
|
|
type: string
|
|
mergedSha:
|
|
required: true
|
|
type: string
|
|
targetSha:
|
|
required: true
|
|
type: string
|
|
|
|
permissions: {}
|
|
|
|
jobs:
|
|
prepare:
|
|
runs-on: ubuntu-slim
|
|
outputs:
|
|
baseBranch: ${{ steps.prepare.outputs.base }}
|
|
mergedSha: ${{ steps.prepare.outputs.mergedSha }}
|
|
targetSha: ${{ steps.prepare.outputs.targetSha }}
|
|
systems: ${{ steps.prepare.outputs.systems }}
|
|
steps:
|
|
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
|
|
with:
|
|
persist-credentials: false
|
|
sparse-checkout: |
|
|
ci/github-script/supportedSystems.js
|
|
|
|
- id: prepare
|
|
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
|
|
env:
|
|
MERGED_SHA: ${{ inputs.mergedSha }}
|
|
TARGET_SHA: ${{ inputs.targetSha }}
|
|
with:
|
|
script: |
|
|
const { classify } = require('./ci/supportedBranches.js')
|
|
const supportedSystems = require('./ci/github-script/supportedSystems.js')
|
|
|
|
const baseBranch = (
|
|
context.payload.merge_group?.base_ref ??
|
|
context.payload.pull_request.base.ref
|
|
).replace(/^refs\/heads\//, '')
|
|
const baseClassification = classify(baseBranch)
|
|
core.setOutput('base', baseClassification)
|
|
core.info('base classification:', baseClassification)
|
|
|
|
const mergedSha = context.payload.merge_group?.head_sha ?? process.env.MERGED_SHA
|
|
core.setOutput('mergedSha', mergedSha)
|
|
core.info(`mergedSha: ${mergedSha}`)
|
|
|
|
const targetSha = context.payload.merge_group?.base_sha ?? process.env.TARGET_SHA
|
|
core.setOutput('targetSha', targetSha)
|
|
core.info(`targetSha: ${targetSha}`)
|
|
|
|
const systems = await supportedSystems({ github, context, targetSha })
|
|
core.setOutput('systems', systems)
|
|
|
|
check:
|
|
name: Check
|
|
needs: [prepare]
|
|
uses: ./.github/workflows/check.yml
|
|
permissions:
|
|
pull-requests: write # cherry-picks: unused in merge queue but required for check workflow
|
|
secrets:
|
|
CACHIX_AUTH_TOKEN_GHA: ${{ secrets.CACHIX_AUTH_TOKEN_GHA }}
|
|
with:
|
|
mergedSha: ${{ needs.prepare.outputs.mergedSha }}
|
|
targetSha: ${{ needs.prepare.outputs.targetSha }}
|
|
|
|
lint:
|
|
name: Lint
|
|
needs: [prepare]
|
|
uses: ./.github/workflows/lint.yml
|
|
secrets:
|
|
CACHIX_AUTH_TOKEN_GHA: ${{ secrets.CACHIX_AUTH_TOKEN_GHA }}
|
|
with:
|
|
mergedSha: ${{ needs.prepare.outputs.mergedSha }}
|
|
targetSha: ${{ needs.prepare.outputs.targetSha }}
|
|
|
|
eval:
|
|
name: Eval
|
|
needs: [prepare]
|
|
uses: ./.github/workflows/eval.yml
|
|
# The eval workflow requests these permissions so we must explicitly allow them,
|
|
# even though they are unused when working with the merge queue.
|
|
permissions:
|
|
pull-requests: write # compare: unused in merge queue but required by eval workflow
|
|
statuses: write # compare: unused in merge queue but required by eval workflow
|
|
secrets:
|
|
CACHIX_AUTH_TOKEN_GHA: ${{ secrets.CACHIX_AUTH_TOKEN_GHA }}
|
|
with:
|
|
artifact-prefix: ${{ inputs.artifact-prefix }}
|
|
mergedSha: ${{ needs.prepare.outputs.mergedSha }}
|
|
targetSha: ${{ needs.prepare.outputs.targetSha }}
|
|
baseBranch: ${{ needs.prepare.outputs.baseBranch }}
|
|
systems: ${{ needs.prepare.outputs.systems }}
|
|
|
|
build:
|
|
name: Build
|
|
needs: [prepare]
|
|
uses: ./.github/workflows/build.yml
|
|
secrets:
|
|
CACHIX_AUTH_TOKEN_GHA: ${{ secrets.CACHIX_AUTH_TOKEN_GHA }}
|
|
with:
|
|
artifact-prefix: ${{ inputs.artifact-prefix }}
|
|
baseBranch: ${{ needs.prepare.outputs.baseBranch }}
|
|
mergedSha: ${{ needs.prepare.outputs.mergedSha }}
|
|
targetSha: ${{ needs.prepare.outputs.targetSha }}
|
|
|
|
# This job's only purpose is to create the target for the "Required Status Checks" branch ruleset.
|
|
# It "needs" all the jobs that should block the Merge Queue.
|
|
unlock:
|
|
if: github.event_name != 'pull_request' && always()
|
|
# Modify this list to add or remove jobs from required status checks.
|
|
needs:
|
|
- check
|
|
- lint
|
|
- eval
|
|
- build
|
|
runs-on: ubuntu-slim
|
|
permissions:
|
|
statuses: write # creating 'no PR failures' commit status
|
|
steps:
|
|
- uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
|
|
env:
|
|
RESULTS: ${{ toJSON(needs.*.result) }}
|
|
with:
|
|
script: |
|
|
const { serverUrl, repo, runId, payload } = context
|
|
const target_url =
|
|
`${serverUrl}/${repo.owner}/${repo.repo}/actions/runs/${runId}`
|
|
await github.rest.repos.createCommitStatus({
|
|
...repo,
|
|
sha: payload.merge_group.head_sha,
|
|
// WARNING:
|
|
// Do NOT change the name of this, otherwise the rule will not catch it anymore.
|
|
// This would prevent all PRs from merging.
|
|
context: 'no PR failures',
|
|
state: JSON.parse(process.env.RESULTS).every(result => result == 'success') ? 'success' : 'error',
|
|
target_url,
|
|
})
|