Users without write access can be requested #69
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This file was copied mostly from check-maintainers-sorted.yaml. | |
# NOTE: Formatting with the RFC-style nixfmt command is not yet stable. See | |
# https://github.com/NixOS/rfcs/pull/166. | |
# Because of this, this action is not yet enabled for all files -- only for | |
# those who have opted in. | |
name: Check that Nix files are formatted | |
on: | |
pull_request_target: | |
# See the comment at the same location in ./nixpkgs-vet.yml | |
types: [opened, synchronize, reopened, edited] | |
permissions: | |
contents: read | |
jobs: | |
nixos: | |
name: nixfmt-check | |
runs-on: ubuntu-latest | |
if: "!contains(github.event.pull_request.title, '[skip treewide]')" | |
steps: | |
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 | |
with: | |
# pull_request_target checks out the base branch by default | |
ref: refs/pull/${{ github.event.pull_request.number }}/merge | |
# Fetches the merge commit and its parents | |
fetch-depth: 2 | |
- name: Checking out base branch | |
run: | | |
base=$(mktemp -d) | |
baseRev=$(git rev-parse HEAD^1) | |
git worktree add "$base" "$baseRev" | |
echo "baseRev=$baseRev" >> "$GITHUB_ENV" | |
echo "base=$base" >> "$GITHUB_ENV" | |
- name: Get Nixpkgs revision for nixfmt | |
run: | | |
# pin to a commit from nixpkgs-unstable to avoid e.g. building nixfmt | |
# from staging | |
# This should not be a URL, because it would allow PRs to run arbitrary code in CI! | |
rev=$(jq -r .rev ci/pinned-nixpkgs.json) | |
echo "url=https://github.com/NixOS/nixpkgs/archive/$rev.tar.gz" >> "$GITHUB_ENV" | |
- uses: cachix/install-nix-action@9f70348d77d0422624097c4b7a75563948901306 # v29 | |
with: | |
# explicitly enable sandbox | |
extra_nix_config: sandbox = true | |
nix_path: nixpkgs=${{ env.url }} | |
- name: Install nixfmt | |
run: "nix-env -f '<nixpkgs>' -iAP nixfmt-rfc-style" | |
- name: Check that Nix files are formatted according to the RFC style | |
run: | | |
unformattedFiles=() | |
# TODO: Make this more parallel | |
# Loop through all Nix files touched by the PR | |
while readarray -d '' -n 2 entry && (( ${#entry[@]} != 0 )); do | |
type=${entry[0]} | |
file=${entry[1]} | |
case $type in | |
A*) | |
source="" | |
dest=$file | |
;; | |
M*) | |
source=$file | |
dest=$file | |
;; | |
C*|R*) | |
source=$file | |
read -r -d '' dest | |
;; | |
*) | |
echo "Ignoring file $file with type $type" | |
continue | |
esac | |
# Ignore files that weren't already formatted | |
if [[ -n "$source" ]] && ! nixfmt --check ${{ env.base }}/"$source" 2>/dev/null; then | |
echo "Ignoring file $file because it's not formatted in the base commit" | |
elif ! nixfmt --check "$dest"; then | |
unformattedFiles+=("$dest") | |
fi | |
done < <(git diff -z --name-status ${{ env.baseRev }} -- '*.nix') | |
if (( "${#unformattedFiles[@]}" > 0 )); then | |
echo "Some new/changed Nix files are not properly formatted" | |
echo "Please go to the Nixpkgs root directory, run \`nix-shell\`, then:" | |
echo "nixfmt ${unformattedFiles[*]@Q}" | |
echo "If you're having trouble, please ping @NixOS/nix-formatting" | |
exit 1 | |
fi |