home/suites/development: multi system nixpkgs-review

khaneliman · Sep 29, 2024 · f373f51 · f373f51
1 parent 8495a12
commit f373f51
Show file tree

Hide file tree

Showing 3 changed files with 1,488 additions and 1 deletion.
diff --git a/modules/home/suites/development/default.nix b/modules/home/suites/development/default.nix
@@ -45,7 +45,12 @@ in
           hydra-check
           nixpkgs-hammering
           nixpkgs-lint-community
-          nixpkgs-review
+          (nixpkgs-review.overrideAttrs (_oldAttrs: {
+            patches = [
+              ./master.patch
+              ./multi.patch
+            ];
+          }))
           nix-update
           nix-output-monitor
           snowfall-flake.packages.${system}.flake

diff --git a/modules/home/suites/development/master.patch b/modules/home/suites/development/master.patch
@@ -0,0 +1,266 @@
+From 481810ac7d79efd95bcf0425b447eda9fcad6e4a Mon Sep 17 00:00:00 2001
+From: Gavin John <gavinnjohn@gmail.com>
+Date: Thu, 5 Sep 2024 08:54:33 -0700
+Subject: [PATCH 1/5] Add emojis to nixpkgs-review post-result
+
+---
+ nixpkgs_review/report.py | 21 ++++++++++++++-------
+ 1 file changed, 14 insertions(+), 7 deletions(-)
+
+diff --git a/nixpkgs_review/report.py b/nixpkgs_review/report.py
+index 8fa7e1e..fd29acb 100644
+--- a/nixpkgs_review/report.py
++++ b/nixpkgs_review/report.py
+@@ -24,12 +24,16 @@ def print_number(
+     log("")
+
+
+-def html_pkgs_section(packages: list[Attr], msg: str, what: str = "package") -> str:
++def html_pkgs_section(
++    emoji: str, packages: list[Attr], msg: str, what: str = "package"
++) -> str:
+     if len(packages) == 0:
+         return ""
+     plural = "s" if len(packages) > 1 else ""
+     res = "<details>\n"
+-    res += f"  <summary>{len(packages)} {what}{plural} {msg}:</summary>\n  <ul>\n"
++    res += (
++        f"  <summary>{emoji} {len(packages)} {what}{plural} {msg}:</summary>\n  <ul>\n"
++    )
+     for pkg in packages:
+         res += f"    <li>{pkg.name}"
+         if len(pkg.aliases) > 0:
+@@ -175,15 +179,18 @@ def markdown(self, pr: int | None) -> str:
+
+         msg = f"Result of `{cmd}` run on {self.system} [1](https://github.com/Mic92/nixpkgs-review)\n"
+
+-        msg += html_pkgs_section(self.broken, "marked as broken and skipped")
+         msg += html_pkgs_section(
++            ":fast_forward:", self.broken, "marked as broken and skipped"
++        )
++        msg += html_pkgs_section(
++            ":fast_forward:",
+             self.non_existent,
+             "present in ofBorgs evaluation, but not found in the checkout",
+         )
+-        msg += html_pkgs_section(self.blacklisted, "blacklisted")
+-        msg += html_pkgs_section(self.failed, "failed to build")
+-        msg += html_pkgs_section(self.tests, "built", what="test")
+-        msg += html_pkgs_section(self.built, "built")
++        msg += html_pkgs_section(":fast_forward:", self.blacklisted, "blacklisted")
++        msg += html_pkgs_section(":x:", self.failed, "failed to build")
++        msg += html_pkgs_section(":white_check_mark:", self.tests, "built", what="test")
++        msg += html_pkgs_section(":white_check_mark:", self.built, "built")
+
+         return msg
+
+
+From 1097624569a7de712ef266d773d3dc8d2ba7aec9 Mon Sep 17 00:00:00 2001
+From: Vladimir Panteleev <git@cy.md>
+Date: Mon, 9 Sep 2024 09:53:09 +0000
+Subject: [PATCH 2/5] fix: distinguish build failures from store failures
+
+"nix-store --verify-path" exits with status 1 in various situations,
+including when the path does not exist (due to having failed to build)
+or when the checksum doesn't match the Nix database.
+
+Since nixpkgs-review tries to report build failures specifically, use
+"nix store verify" instead with its "--no-contents" flag. This avoids
+classifying checksum mismatches as build failures, which can be
+misleading to nixpkgs-review users.
+
+Though still an abnormal situation that might be useful to report, we
+now ignore store path errors; these are generally an abnormal
+situation, and detecting them is out-of-scope for nixpkgs-review.  Should
+it become clearer that it would be useful to report them, it could be
+done by removing --no-contents and checking "nix store verify"'s exit
+status, which indicates the nature of the problem.
+---
+ nixpkgs_review/nix.py | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/nixpkgs_review/nix.py b/nixpkgs_review/nix.py
+index 002f6f0..bf8adbb 100644
+--- a/nixpkgs_review/nix.py
++++ b/nixpkgs_review/nix.py
+@@ -33,7 +33,17 @@ def was_build(self) -> bool:
+             return self._path_verified
+
+         res = subprocess.run(
+-            ["nix-store", "--verify-path", self.path], stderr=subprocess.DEVNULL
++            [
++                "nix",
++                "--extra-experimental-features",
++                "nix-command",
++                "store",
++                "verify",
++                "--no-contents",
++                "--no-trust",
++                self.path,
++            ],
++            stderr=subprocess.DEVNULL,
+         )
+         self._path_verified = res.returncode == 0
+         return self._path_verified
+
+From 91b397fffb1d50b5977ec52f2879f2aea1432dc9 Mon Sep 17 00:00:00 2001
+From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
+Date: Mon, 16 Sep 2024 09:09:57 +0000
+Subject: [PATCH 3/5] Bump cachix/install-nix-action from V27 to 28
+
+Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from V27 to 28. This release includes the previously tagged commit.
+- [Release notes](https://github.com/cachix/install-nix-action/releases)
+- [Commits](https://github.com/cachix/install-nix-action/compare/V27...V28)
+
+---
+updated-dependencies:
+- dependency-name: cachix/install-nix-action
+  dependency-type: direct:production
+...
+
+Signed-off-by: dependabot[bot] <support@github.com>
+---
+ .github/workflows/test.yml | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
+index d176e5c..8c0436a 100644
+--- a/.github/workflows/test.yml
++++ b/.github/workflows/test.yml
+@@ -14,7 +14,7 @@ jobs:
+     runs-on: ubuntu-latest
+     steps:
+     - uses: actions/checkout@v4
+-    - uses: cachix/install-nix-action@V27
++    - uses: cachix/install-nix-action@V28
+       with:
+         extra_nix_config: |
+           access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+@@ -24,7 +24,7 @@ jobs:
+     runs-on: ubuntu-latest
+     steps:
+     - uses: actions/checkout@v4
+-    - uses: cachix/install-nix-action@V27
++    - uses: cachix/install-nix-action@V28
+       with:
+         extra_nix_config: |
+           access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+
+From 2beefeb592a8e1afd2414ff8b3bc44afcfa21f2e Mon Sep 17 00:00:00 2001
+From: asymmetric <101816+asymmetric@users.noreply.github.com>
+Date: Wed, 18 Sep 2024 22:06:30 +0000
+Subject: [PATCH 4/5] doc: mention that only classic PATs work (#418)
+
+* doc: mention that only classic PATs work
+
+Minimal version of https://github.com/Mic92/nixpkgs-review/pull/406
+
+* doc: update example token
+
+PATs have a `ghp_` prefix now.
+
+* doc: fix formatting
+
+Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
+
+---------
+
+Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
+---
+ README.md | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/README.md b/README.md
+index b45e27c..d23171d 100644
+--- a/README.md
++++ b/README.md
+@@ -223,16 +223,16 @@ Some commands (i.e., `post-result` or `merge`) require a GitHub API token, and
+ even for read-only calls, GitHub returns 403 error messages if your IP hits the
+ rate limit for unauthenticated calls.
+
+-To use a token, first create a
+-[personal access token](https://help.github.com/articles/creating-a-personal-access-token-for-the-command-line/).
+-If you plan to post comments with the reports generated, you need to add the
+-`repo:public_repo` scope.
++To use a token, first create a **classic**
++[personal access token](https://github.com/settings/tokens). If you plan to post
++comments with the reports generated, you need to add the `repo:public_repo`
++scope.
+
+ Then use either the `GITHUB_TOKEN` environment variable or the `--token`
+ parameter of the `pr` subcommand.
+
+ ```console
+-$ GITHUB_TOKEN=5ae04810f1e9f17c3297ee4c9e25f3ac1f437c26 nixpkgs-review pr  37244
++$ GITHUB_TOKEN=ghp_WAI7vpi9wVHbxPOA185NwWvaMawDuCnMGc3E nixpkgs-review pr  37244
+ ```
+
+ Additionally, nixpkgs-review will also read the oauth_token stored by
+
+From 86940d121f4a93860bbe9857581a09e633639f0d Mon Sep 17 00:00:00 2001
+From: Keshav Kini <keshav.kini@gmail.com>
+Date: Tue, 2 Jul 2024 19:14:25 -0700
+Subject: [PATCH 5/5] Update instructions for GitHub API tokens
+
+In late 2022, GitHub [introduced][1] a new type of API tokens that are supposed
+to be more secure and fine grained than the old type of tokens.  But they won't
+work for nixpkgs-review's purposes (at least for now) because there is no way to
+grant these new tokens access to resources that are not owned by you, and most
+users of nixpkgs-reviews are not owners of @NixOS/nixpkgs which is the repo
+they're trying to submit pull request comments to (when using `--post-result`,
+anyway).
+
+This commit clarifies the README instructions so that users will know they need
+to create the old type of API token, the "personal access token (classic)", and
+not the new type.
+
+Also did a bit of rewording for further clarity.
+
+[1]: https://github.blog/2022-10-18-introducing-fine-grained-personal-access-tokens-for-github/
+---
+ README.md | 20 +++++++++++---------
+ 1 file changed, 11 insertions(+), 9 deletions(-)
+
+diff --git a/README.md b/README.md
+index d23171d..958261f 100644
+--- a/README.md
++++ b/README.md
+@@ -217,27 +217,29 @@ As an alternative, one can also specify remote builder as usual in
+ `/etc/nix/machines` or via the `nix.buildMachines` nixos options in
+ `configuration.nix`. This allows to parallelize builds across multiple machines.
+
+-## GitHub api token
++## GitHub API token
+
+ Some commands (i.e., `post-result` or `merge`) require a GitHub API token, and
+ even for read-only calls, GitHub returns 403 error messages if your IP hits the
+ rate limit for unauthenticated calls.
+
+-To use a token, first create a **classic**
+-[personal access token](https://github.com/settings/tokens). If you plan to post
+-comments with the reports generated, you need to add the `repo:public_repo`
++Nixpkgs-review will automatically read the oauth_token stored by
++[hub](https://hub.github.com/) or [gh](https://cli.github.com/) if they are
++installed.
++
++Otherwise, you'll have to create a "personal access token (classic)" through
++GitHub's website. See [the GitHub documentation][3] for instructions. If you
++plan to post the generated reports, make sure to give it the `public_repo`
+ scope.
+
+ Then use either the `GITHUB_TOKEN` environment variable or the `--token`
+-parameter of the `pr` subcommand.
++parameter of the `pr` subcommand to supply your token to nixpkgs-review.
+
+ ```console
+-$ GITHUB_TOKEN=ghp_WAI7vpi9wVHbxPOA185NwWvaMawDuCnMGc3E nixpkgs-review pr  37244
++$ GITHUB_TOKEN=ghp_WAI7vpi9wVHbxPOA185NwWvaMawDuCnMGc3E nixpkgs-review pr 37244 --post-result
++$ nixpkgs-review pr 37244 --token ghp_WAI7vpi9wVHbxPOA185NwWvaMawDuCnMGc3E --post-result
+ ```
+
+-Additionally, nixpkgs-review will also read the oauth_token stored by
+-[hub](https://hub.github.com/) and [gh](https://cli.github.com/).
+-
+ ## Checkout strategy (recommend for r-ryantm + cachix)
+
+ By default, `nixpkgs-review pr` will merge the pull request into the pull