-
-
Notifications
You must be signed in to change notification settings - Fork 49
149 lines (135 loc) Β· 5.38 KB
/
Copy pathcheck-guix-click.yaml
File metadata and controls
149 lines (135 loc) Β· 5.38 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
---
name: π§ͺ Validate Guix python-click
"on":
workflow_dispatch:
# Temporary workflow to validate the python-click 8.4.1 bump proposed at
# https://codeberg.org/guix/guix/pulls/8928
# It prints the full rebuild scope (guix refresh --list-dependent python-click),
# then builds python-click and a sample of high-signal dependents with
# --keep-going, recording each resulting /gnu/store hash. Reviewers can use a
# run to see every affected package and to reproduce and compare the hashes.
# It does not attempt a full world rebuild.
# Delete after the PR is merged upstream.
permissions: {}
jobs:
validate:
name: Build python-click and dependents
runs-on: ubuntu-24.04
env:
GUIX_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps:
- name: Install Guix
run: |
sudo apt-get update
sudo apt-get install --yes --quiet guix
- name: Pull Guix from fork channel
run: |
cat > /tmp/channels.scm << 'CHANNELS'
(list
(channel
(name 'guix)
(url "https://codeberg.org/tutu967/guix.git")
(branch "python-click-8.4.1")))
CHANNELS
# guix pull intermittently fails on transient substitute or git/SSL
# errors; retry a few times before giving up.
for attempt in 1 2 3; do
echo "guix pull attempt ${attempt}..."
if guix pull --channels=/tmp/channels.scm --disable-authentication --fallback --verbosity=0; then
break
fi
[ "${attempt}" -eq 3 ] && { echo "guix pull failed after 3 attempts"; exit 1; }
echo "retrying in 30s..."
sleep 30
done
echo "$HOME/.config/guix/current/bin" >> "$GITHUB_PATH"
- name: Report rebuild scope
run: |
# Full list of affected packages, to the log (searchable) and summary.
echo "Packages depending on python-click (full rebuild scope):"
guix refresh --list-dependent python-click 2>&1 | tee /tmp/dependents.txt || true
{
echo "## Rebuild scope (guix refresh --list-dependent python-click)"
echo ""
echo '```'
cat /tmp/dependents.txt
echo '```'
} >> "${GITHUB_STEP_SUMMARY}"
- name: Lint python-click
run: |
{
echo "## guix lint"
echo ""
} >> "${GITHUB_STEP_SUMMARY}"
lint_output=$(guix lint python-click 2>&1 \
| grep -v -E "^fetching CVE database|Software Heritage" \
| grep -v -E "^guix lint: warning: failed to get list of CVE vulnerabilities" \
| grep -v -E "^guix lint: warning: GitHub rate limit exceeded" \
| grep -v -E "^hint: You can raise the rate limit" \
| grep -v -E "^variable to a token obtained from" \
| grep -v -E "^your GitHub account\." \
| grep -v -E "^Alternatively, you can wait until" \
| grep -v -E "^\`generic-git' updater instead\." \
| grep -v -E ": can be upgraded to .*[-.]?(rc|alpha|beta|dev|a|b)[0-9]*\.?[0-9]*$" \
| sed '/^$/d') || true
if [ -n "${lint_output}" ]; then
echo "${lint_output}"
{
echo "- β οΈ \`python-click\`"
echo '```'
echo "${lint_output}"
echo '```'
} >> "${GITHUB_STEP_SUMMARY}"
exit 1
else
echo "- β
\`python-click\`" >> "${GITHUB_STEP_SUMMARY}"
fi
- name: Build python-click and dependents
if: always()
run: |
set -o pipefail
# python-click first (the bumped package, runs its own test suite),
# then a sample of high-signal click consumers present in python-team.
packages=(
python-click
python-cloup
python-black
python-flask
python-rich-click
python-typer
python-celery
python-dask
python-uvicorn
python-mkdocs
)
{
echo ""
echo "## guix build"
echo ""
} >> "${GITHUB_STEP_SUMMARY}"
failed=0
for pkg in "${packages[@]}"; do
echo "--- Building ${pkg} ---"
log=$(mktemp)
# Capture the /gnu/store output path (stdout) for the hash, keep the
# build log (stderr) for diagnosis. --keep-going matches the
# reviewer's ``guix build -k`` and surfaces every failure.
if out=$(guix build --keep-going "${pkg}" 2>"${log}"); then
echo "${out}"
hash=$(printf '%s\n' "${out}" | head --lines=1)
echo "- β
\`${pkg}\`: \`${hash}\`" >> "${GITHUB_STEP_SUMMARY}"
else
# Show every FAILED line plus the last 200 lines for diagnosis.
grep -E "^FAILED|^ERROR|short test summary|^=+ .* in [0-9]" "${log}" || true
echo "--- last 200 lines ---"
tail --lines=200 "${log}"
echo "- β \`${pkg}\`" >> "${GITHUB_STEP_SUMMARY}"
failed=$((failed + 1))
fi
rm -f "${log}"
done
echo "" >> "${GITHUB_STEP_SUMMARY}"
echo "**${failed} failed** out of ${#packages[@]} packages." >> "${GITHUB_STEP_SUMMARY}"
if [ "${failed}" -gt 0 ]; then
exit 1
fi