diff --git a/.github/actions/checkout/action.yml b/.github/actions/checkout/action.yml index b70749564c018..128398e5e02ff 100644 --- a/.github/actions/checkout/action.yml +++ b/.github/actions/checkout/action.yml @@ -20,6 +20,7 @@ runs: PIN_BUMP_SHA: ${{ inputs.untrusted-pin-bump }} with: script: | + const { rm, writeFile } = require('node:fs/promises') const { spawn } = require('node:child_process') const { join } = require('node:path') @@ -55,10 +56,19 @@ runs: return pinned.pins.nixpkgs.revision } - const pin_bump_sha = process.env.PIN_BUMP_SHA + // Getting the pin-bump diff via the API avoids issues with `git fetch` + // thin-packs not having enough base objects to be applied locally. + // Returns a unified diff suitable for `git apply`. + async function getPinBumpDiff(ref) { + const { data } = await github.rest.repos.getCommit({ + mediaType: { format: 'diff' }, + ...context.repo, + ref, + }) + return data + } - // When dealing with a pin bump commit, we need `--depth=2` to view & apply its diff - const depth = pin_bump_sha ? 2 : 1 + const pin_bump_sha = process.env.PIN_BUMP_SHA const commits = [ { @@ -76,17 +86,14 @@ runs: { sha: await getPinnedSha(process.env.TARGET_SHA), path: 'trusted-pinned' - }, - { - sha: pin_bump_sha } ].filter(({ sha }) => Boolean(sha)) - console.log('Fetching the following commits:', commits) + console.log('Checking out the following commits:', commits) // Fetching all commits at once is much faster than doing multiple checkouts. // This would fail without --refetch, because the we had a partial clone before, but changed it above. - await run('git', 'fetch', `--depth=${depth}`, '--refetch', 'origin', ...(commits.map(({ sha }) => sha))) + await run('git', 'fetch', '--depth=1', '--refetch', 'origin', ...(commits.map(({ sha }) => sha))) // Checking out onto tmpfs takes 1s and is faster by at least factor 10x. await run('mkdir', 'nixpkgs') @@ -101,20 +108,21 @@ runs: // Create all worktrees in parallel. await Promise.all( - commits - .filter(({ path }) => Boolean(path)) - .map(async ({ sha, path }) => { - await run('git', 'worktree', 'add', join('nixpkgs', path), sha, '--no-checkout') - await run('git', '-C', join('nixpkgs', path), 'sparse-checkout', 'disable') - await run('git', '-C', join('nixpkgs', path), 'checkout', '--progress') - }) + commits.map(async ({ sha, path }) => { + await run('git', 'worktree', 'add', join('nixpkgs', path), sha, '--no-checkout') + await run('git', '-C', join('nixpkgs', path), 'sparse-checkout', 'disable') + await run('git', '-C', join('nixpkgs', path), 'checkout', '--progress') + }) ) // Apply pin bump to untrusted worktree if (pin_bump_sha) { - console.log('Applying untrusted ci/pinned.json bump:', pin_bump_sha) + console.log('Fetching ci/pinned.json bump commit:', pin_bump_sha) + await writeFile('pin-bump.patch', await getPinBumpDiff(pin_bump_sha)) + + console.log('Applying untrusted ci/pinned.json bump to ./nixpkgs/untrusted') try { - await run('git', '-C', join('nixpkgs', 'untrusted'), 'cherry-pick', '--no-commit', pin_bump_sha) + await run('git', '-C', join('nixpkgs', 'untrusted'), 'apply', '--3way', join('..', '..', 'pin-bump.patch')) } catch { core.setFailed([ `Failed to apply ci/pinned.json bump commit ${pin_bump_sha}.`, @@ -122,5 +130,7 @@ runs: `Please rebase the PR or ensure the pin bump is standalone.` ].join(' ')) return + } finally { + await rm('pin-bump.patch') } } diff --git a/ci/pinned.json b/ci/pinned.json index 6feb67129b340..0009630f2c9b3 100644 --- a/ci/pinned.json +++ b/ci/pinned.json @@ -9,9 +9,9 @@ }, "branch": "nixpkgs-unstable", "submodules": false, - "revision": "ee09932cedcef15aaf476f9343d1dea2cb77e261", - "url": "https://github.com/NixOS/nixpkgs/archive/ee09932cedcef15aaf476f9343d1dea2cb77e261.tar.gz", - "hash": "1xz5pa6la2fyj5b1cfigmg3nmml11fyf9ah0rnr4zfgmnwimn2gn" + "revision": "c6245e83d836d0433170a16eb185cefe0572f8b8", + "url": "https://github.com/NixOS/nixpkgs/archive/c6245e83d836d0433170a16eb185cefe0572f8b8.tar.gz", + "hash": "1dvhyaddi7d4fkj63hns1xrdqcmyyq24y89k0cdwxs8s3619bx8v" }, "treefmt-nix": { "type": "Git", diff --git a/pkgs/by-name/he/hello/package.nix b/pkgs/by-name/he/hello/package.nix index 05977b8037244..e12a0484eeb12 100644 --- a/pkgs/by-name/he/hello/package.nix +++ b/pkgs/by-name/he/hello/package.nix @@ -21,6 +21,8 @@ stdenv.mkDerivation (finalAttrs: { patches = lib.optional stdenv.hostPlatform.isCygwin gnulib.patches.memcpy-fix-backport-250512; + TEST = 123; + # The GNU Hello `configure` script detects how to link libiconv but fails to actually make use of that. # Unfortunately, this cannot be a patch to `Makefile.am` because `autoreconfHook` causes a gettext # infrastructure mismatch error when trying to build `hello`.