From 927521a6ace142da9f96ec7e87035a604fba818e Mon Sep 17 00:00:00 2001 From: Silvan Mosberger Date: Wed, 12 Feb 2025 20:01:58 +0100 Subject: [PATCH] workflows/check-nix-format: Enforce formatting on all files Changes the Nix format checking workflow to now strictly enforce formatting of all Nix files using the treefmt setup introduced in the pre-previous commit. This is in [accordance with the approved RFC 166](https://github.com/NixOS/rfcs/blob/master/rfcs/0166-nix-formatting.md#reformat-nixpkgs). Note that the "skip treewide" thing is no longer necessary, already before, because there's nothing that would fail for treewide changes. Previously the problem was that the GitHub API would be bombarded. --- .github/workflows/check-nix-format.yml | 82 ++++---------------------- ci/default.nix | 9 +++ 2 files changed, 22 insertions(+), 69 deletions(-) diff --git a/.github/workflows/check-nix-format.yml b/.github/workflows/check-nix-format.yml index 0eb9d99a7aa5..d410300df48a 100644 --- a/.github/workflows/check-nix-format.yml +++ b/.github/workflows/check-nix-format.yml @@ -1,8 +1,5 @@ -# This file was copied mostly from check-maintainers-sorted.yaml. -# NOTE: Formatting with the RFC-style nixfmt command is not yet stable. See -# https://github.com/NixOS/rfcs/pull/166. -# Because of this, this action is not yet enabled for all files -- only for -# those who have opted in. +# NOTE: Formatting with the RFC-style nixfmt command is not yet stable. +# See https://github.com/NixOS/rfcs/pull/166. name: Check that Nix files are formatted @@ -20,80 +17,27 @@ jobs: name: nixfmt-check runs-on: ubuntu-24.04 needs: get-merge-commit - if: "needs.get-merge-commit.outputs.mergedSha && !contains(github.event.pull_request.title, '[skip treewide]')" + if: needs.get-merge-commit.outputs.mergedSha steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ needs.get-merge-commit.outputs.mergedSha }} - # Fetches the merge commit and its parents - fetch-depth: 2 - - - name: Checking out target branch - run: | - target=$(mktemp -d) - targetRev=$(git rev-parse HEAD^1) - git worktree add "$target" "$targetRev" - echo "targetRev=$targetRev" >> "$GITHUB_ENV" - echo "target=$target" >> "$GITHUB_ENV" - - - name: Get Nixpkgs revision for nixfmt - run: | - # pin to a commit from nixpkgs-unstable to avoid e.g. building nixfmt - # from staging - # This should not be a URL, because it would allow PRs to run arbitrary code in CI! - rev=$(jq -r .rev ci/pinned-nixpkgs.json) - echo "url=https://github.com/NixOS/nixpkgs/archive/$rev.tar.gz" >> "$GITHUB_ENV" - uses: cachix/install-nix-action@02a151ada4993995686f9ed4f1be7cfbb229e56f # v31 with: extra_nix_config: sandbox = true - nix_path: nixpkgs=${{ env.url }} - - name: Install nixfmt - run: "nix-env -f '' -iAP nixfmt-rfc-style" - - - name: Check that Nix files are formatted according to the RFC style + - name: Check that Nix files are formatted run: | - unformattedFiles=() - - # TODO: Make this more parallel - - # Loop through all Nix files touched by the PR - while readarray -d '' -n 2 entry && (( ${#entry[@]} != 0 )); do - type=${entry[0]} - file=${entry[1]} - case $type in - A*) - source="" - dest=$file - ;; - M*) - source=$file - dest=$file - ;; - C*|R*) - source=$file - read -r -d '' dest - ;; - *) - echo "Ignoring file $file with type $type" - continue - esac - - # Ignore files that weren't already formatted - if [[ -n "$source" ]] && ! nixfmt --check ${{ env.target }}/"$source" 2>/dev/null; then - echo "Ignoring file $file because it's not formatted in the target commit" - elif ! nixfmt --check "$dest"; then - unformattedFiles+=("$dest") - fi - done < <(git diff -z --name-status ${{ env.targetRev }} -- '*.nix') - - if (( "${#unformattedFiles[@]}" > 0 )); then - echo "Some new/changed Nix files are not properly formatted" - echo "Please format them using the Nixpkgs-specific \`nixfmt\` by going to the Nixpkgs root directory, running \`nix-shell\`, then:" - echo - echo "nixfmt ${unformattedFiles[*]@Q}" - echo + # Note that it's fine to run this on untrusted code because: + # - There's no secrets accessible here + # - The build is sandboxed + if ! nix-build ci -A fmt.check; then + echo "Some Nix files are not properly formatted" + echo "Please format them by going to the Nixpkgs root directory and running one of:" + echo " nix-shell --run treefmt" + echo " nix develop --command treefmt" + echo " nix fmt" echo "Make sure your branch is up to date with master; rebase if not." echo "If you're having trouble, please ping @NixOS/nix-formatting" exit 1 diff --git a/ci/default.nix b/ci/default.nix index 68721e4b35a1..67f59d61bfd4 100644 --- a/ci/default.nix +++ b/ci/default.nix @@ -49,10 +49,19 @@ let # See https://github.com/NixOS/nixfmt programs.nixfmt.enable = true; }; + fs = pkgs.lib.fileset; + nixFilesSrc = fs.toSource { + root = ../.; + fileset = fs.difference (fs.unions [ + (fs.fileFilter (file: file.hasExt "nix") ../.) + ../.git-blame-ignore-revs + ]) (fs.maybeMissing ../.git); + }; in { shell = treefmtEval.config.build.devShell; pkg = treefmtEval.config.build.wrapper; + check = treefmtEval.config.build.check nixFilesSrc; }; in