.github/workflows/nix-parse.yml

   1 name: "Check whether nix files are parseable"
   2
   3 permissions: read-all
   4
   5 on:
   6   # avoids approving first time contributors
   7   pull_request_target:
   8     branches-ignore:
   9       - 'release-**'
  10
  11 jobs:
  12   tests:
  13     runs-on: ubuntu-latest
  14     if: "github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')"
  15     steps:
  16     - name: Get list of changed files from PR
  17       env:
  18         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  19       run: |
  20         gh api \
  21           repos/NixOS/nixpkgs/pulls/${{github.event.number}}/files --paginate \
  22           | jq --raw-output '.[] | select(.status != "removed" and (.filename | endswith(".nix"))) | .filename' \
  23           > "$HOME/changed_files"
  24         if [[ -s "$HOME/changed_files" ]]; then
  25           echo "CHANGED_FILES=$HOME/changed_files" > "$GITHUB_ENV"
  26         fi
  27     - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
  28       with:
  29         # pull_request_target checks out the base branch by default
  30         ref: refs/pull/${{ github.event.pull_request.number }}/merge
  31       if: ${{ env.CHANGED_FILES && env.CHANGED_FILES != '' }}
  32     - uses: cachix/install-nix-action@8887e596b4ee1134dae06b98d573bd674693f47c # v26
  33       with:
  34         nix_path: nixpkgs=channel:nixpkgs-unstable
  35     - name: Parse all changed or added nix files
  36       run: |
  37         ret=0
  38         while IFS= read -r file; do
  39           out="$(nix-instantiate --parse "$file")" || { echo "$out" && ret=1; }
  40         done < "$HOME/changed_files"
  41         exit "$ret"
  42       if: ${{ env.CHANGED_FILES && env.CHANGED_FILES != '' }}