.github/workflows/nix-parse-v2.yml

   1 name: "Check whether nix files are parseable v2"
   2
   3 permissions:
   4   pull-requests: read
   5   contents: read
   6
   7 on:
   8   # avoids approving first time contributors
   9   pull_request_target:
  10     branches-ignore:
  11       - 'release-**'
  12
  13 jobs:
  14   tests:
  15     name: nix-files-parseable-check
  16     runs-on: ubuntu-latest
  17     if: "github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')"
  18     steps:
  19     - name: Get list of changed files from PR
  20       env:
  21         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  22       run: |
  23         gh api \
  24           repos/NixOS/nixpkgs/pulls/${{github.event.number}}/files --paginate \
  25           | jq --raw-output '.[] | select(.status != "removed" and (.filename | endswith(".nix"))) | .filename' \
  26           > "$HOME/changed_files"
  27         if [[ -s "$HOME/changed_files" ]]; then
  28           echo "CHANGED_FILES=$HOME/changed_files" > "$GITHUB_ENV"
  29         fi
  30     - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
  31       with:
  32         # pull_request_target checks out the base branch by default
  33         ref: refs/pull/${{ github.event.pull_request.number }}/merge
  34       if: ${{ env.CHANGED_FILES && env.CHANGED_FILES != '' }}
  35     - uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
  36       with:
  37         nix_path: nixpkgs=channel:nixpkgs-unstable
  38     - name: Parse all changed or added nix files
  39       run: |
  40         ret=0
  41         while IFS= read -r file; do
  42           out="$(nix-instantiate --parse "$file")" || { echo "$out" && ret=1; }
  43         done < "$HOME/changed_files"
  44         exit "$ret"
  45       if: ${{ env.CHANGED_FILES && env.CHANGED_FILES != '' }}