Use GitHub App for codeowner validation and remove hacky script
We shouldn't use personal access tokens; instead, we created a GitHub App with read-only access to just this repository. While codeowners-validator supports GitHub App authentication, the same cannot be said for the hacky script I wrote, because there was no support for checking write access (mszostok/codeowners-validator#157). Instead of trying to hack the script further to make it work with GitHub App authentication, I decided to implement it in codeowners-validator itself (mszostok/codeowners-validator#222). Because that is not merged or released yet, we need to build it ourselves, so I added some Nix to do that reproducibly.
Showing
7 changed files
with
121 additions
and
78 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
result* |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
let | ||
sources = import ./npins; | ||
in | ||
{ | ||
system ? builtins.currentSystem, | ||
nixpkgs ? sources.nixpkgs, | ||
}: | ||
let | ||
pkgs = import nixpkgs { | ||
inherit system; | ||
config = { }; | ||
overlays = [ ]; | ||
}; | ||
inherit (pkgs) lib; | ||
|
||
packages = { | ||
codeowners-validator = pkgs.buildGoModule { | ||
name = "codeowners-validator"; | ||
src = sources.codeowners-validator; | ||
vendorHash = "sha256-R+pW3xcfpkTRqfS2ETVOwG8PZr0iH5ewroiF7u8hcYI="; | ||
postPatch = "rm -r docs/investigation"; | ||
}; | ||
}; | ||
|
||
in | ||
{ | ||
inherit packages; | ||
|
||
shell = pkgs.mkShell { | ||
packages = [ | ||
pkgs.npins | ||
]; | ||
}; | ||
} |
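Review bot: The `codeowners-validator` derivation has no comment saying that it builds an unreleased fork, or why `postPatch` deletes `docs/investigation`, so whoever updates the pin later has nothing to go on. The commit description calls this a stopgap until mszostok/codeowners-validator#222 is merged and released; I would record that above the attribute, e.g. `# Built from the fork pinned via npins until mszostok/codeowners-validator#222 is released; then switch back to upstream.` Next to `postPatch`, add a one-line reason such as `# docs/investigation is removed because <reason it breaks the build>`. The pinned revision and `vendorHash` must be bumped together, and since this binary presumably runs with the GitHub App's credentials, each bump should include a look at the fork's diff.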
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
# Generated by npins. Do not modify; will be overwritten regularly | ||
let | ||
data = builtins.fromJSON (builtins.readFile ./sources.json); | ||
version = data.version; | ||
|
||
mkSource = spec: | ||
assert spec ? type; let | ||
path = | ||
if spec.type == "Git" then mkGitSource spec | ||
else if spec.type == "GitRelease" then mkGitSource spec | ||
else if spec.type == "PyPi" then mkPyPiSource spec | ||
else if spec.type == "Channel" then mkChannelSource spec | ||
else builtins.throw "Unknown source type ${spec.type}"; | ||
in | ||
spec // { outPath = path; }; | ||
|
||
mkGitSource = { repository, revision, url ? null, hash, ... }: | ||
assert repository ? type; | ||
# At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository | ||
# In the latter case, there we will always be an url to the tarball | ||
if url != null then | ||
(builtins.fetchTarball { | ||
inherit url; | ||
sha256 = hash; # FIXME: check nix version & use SRI hashes | ||
}) | ||
else assert repository.type == "Git"; builtins.fetchGit { | ||
url = repository.url; | ||
rev = revision; | ||
# hash = hash; | ||
}; | ||
|
||
mkPyPiSource = { url, hash, ... }: | ||
builtins.fetchurl { | ||
inherit url; | ||
sha256 = hash; | ||
}; | ||
|
||
mkChannelSource = { url, hash, ... }: | ||
builtins.fetchTarball { | ||
inherit url; | ||
sha256 = hash; | ||
}; | ||
in | ||
if version == 3 then | ||
builtins.mapAttrs (_: mkSource) data.pins | ||
else | ||
throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`" |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
{ | ||
"pins": { | ||
"codeowners-validator": { | ||
"type": "Git", | ||
"repository": { | ||
"type": "GitHub", | ||
"owner": "tweag", | ||
"repo": "codeowners-validator" | ||
}, | ||
"branch": "simpler-faster-permission-check", | ||
"revision": "a69f70c0bd8ec168ff695f412afa83c7b7a65413", | ||
"url": "https://github.com/tweag/codeowners-validator/archive/a69f70c0bd8ec168ff695f412afa83c7b7a65413.tar.gz", | ||
"hash": "1rybdypjgn4i065r6msfwyx1rvv73x19p28lps3si79bwbkg2xg0" | ||
}, | ||
"nixpkgs": { | ||
"type": "Channel", | ||
"name": "nixpkgs-unstable", | ||
"url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.05pre616757.4c86138ce486/nixexprs.tar.xz", | ||
"hash": "0lbvdj9jc7g3pqs0yvahpb8y453gn65jvkvbnnkbi6m4afp92p04" | ||
} | ||
}, | ||
"version": 3 | ||
} |
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
(import ./. { }).shell |