drop bors, switch to merge queue
This commit is contained in:
parent
b22d074185
commit
e5b7372a0f
8 changed files with 44 additions and 50 deletions
6
.github/CONTRIBUTING.md
vendored
6
.github/CONTRIBUTING.md
vendored
|
@ -1,7 +1,3 @@
|
||||||
### Pull requests from forks
|
### Pull requests from forks
|
||||||
|
|
||||||
As PRs from forks don't have automatic CI checks, admins can test PRs by posting a comment on the PR instead.
|
PRs from forks don't have automatic CI checks but they will go through CI during merge.
|
||||||
|
|
||||||
- `bors try` - check if the PR builds.
|
|
||||||
- `bors merge` - same as `bors try` but will also merge the PR if it builds successfully.
|
|
||||||
- https://bors.tech/documentation/
|
|
||||||
|
|
28
.github/settings.yml
vendored
28
.github/settings.yml
vendored
|
@ -34,11 +34,11 @@ repository:
|
||||||
|
|
||||||
# Either `true` to allow squash-merging pull requests, or `false` to prevent
|
# Either `true` to allow squash-merging pull requests, or `false` to prevent
|
||||||
# squash-merging.
|
# squash-merging.
|
||||||
allow_squash_merge: true
|
allow_squash_merge: false
|
||||||
|
|
||||||
# Either `true` to allow merging pull requests with a merge commit, or `false`
|
# Either `true` to allow merging pull requests with a merge commit, or `false`
|
||||||
# to prevent merging pull requests with merge commits.
|
# to prevent merging pull requests with merge commits.
|
||||||
allow_merge_commit: true
|
allow_merge_commit: false
|
||||||
|
|
||||||
# Either `true` to allow rebase-merging pull requests, or `false` to prevent
|
# Either `true` to allow rebase-merging pull requests, or `false` to prevent
|
||||||
# rebase-merging.
|
# rebase-merging.
|
||||||
|
@ -55,6 +55,8 @@ repository:
|
||||||
# vulnerability alerts.
|
# vulnerability alerts.
|
||||||
enable_vulnerability_alerts: true
|
enable_vulnerability_alerts: true
|
||||||
|
|
||||||
|
allow_auto_merge: true
|
||||||
|
|
||||||
# Labels: define labels for Issues and Pull Requests
|
# Labels: define labels for Issues and Pull Requests
|
||||||
#
|
#
|
||||||
labels:
|
labels:
|
||||||
|
@ -103,6 +105,20 @@ teams:
|
||||||
permission: admin
|
permission: admin
|
||||||
|
|
||||||
branches:
|
branches:
|
||||||
|
# gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" /repos/nix-community/infra/branches/master/protection
|
||||||
|
|
||||||
|
# not available in the api yet
|
||||||
|
# `Require merge queue`: true
|
||||||
|
# `Merge method`: Rebase and merge
|
||||||
|
# `Maximum pull requests to build`: 1
|
||||||
|
# `Maximum pull requests to merge`: 1
|
||||||
|
# defaults:
|
||||||
|
# `Maximum pull requests to build`: 5
|
||||||
|
# `Minimum pull requests to merge`: 1 or 5 minutes
|
||||||
|
# `Maximum pull requests to merge`: 5
|
||||||
|
# `Only merge non-failing pull requests`: true
|
||||||
|
# `Consider check failed after`: 60 minutes
|
||||||
|
|
||||||
- name: master
|
- name: master
|
||||||
# https://docs.github.com/en/rest/reference/repos#update-branch-protection
|
# https://docs.github.com/en/rest/reference/repos#update-branch-protection
|
||||||
# Branch Protection settings. Set to null to disable
|
# Branch Protection settings. Set to null to disable
|
||||||
|
@ -127,13 +143,15 @@ branches:
|
||||||
# Required. Require branches to be up to date before merging.
|
# Required. Require branches to be up to date before merging.
|
||||||
strict: false
|
strict: false
|
||||||
# Required. The list of status checks to require in order to merge into this branch
|
# Required. The list of status checks to require in order to merge into this branch
|
||||||
contexts: ["bors"]
|
contexts:
|
||||||
|
- ci/hercules/evaluation
|
||||||
|
- ci/hercules/onPush/default
|
||||||
# Required. Enforce all configured restrictions for administrators. Set to true to enforce required status checks for repository administrators. Set to null to disable.
|
# Required. Enforce all configured restrictions for administrators. Set to true to enforce required status checks for repository administrators. Set to null to disable.
|
||||||
enforce_admins: true
|
enforce_admins: true
|
||||||
# Disabled for bors to work
|
# Disabled for bors to work
|
||||||
required_linear_history: false
|
required_linear_history: false
|
||||||
# Required. Restrict who can push to this branch. Team and user restrictions are only available for organization-owned repositories. Set to null to disable.
|
# Required. Restrict who can push to this branch. Team and user restrictions are only available for organization-owned repositories. Set to null to disable.
|
||||||
restrictions:
|
restrictions:
|
||||||
apps: ["bors"]
|
apps: ["hercules-ci"]
|
||||||
users: []
|
users: ["nix-infra-bot"]
|
||||||
teams: []
|
teams: []
|
||||||
|
|
|
@ -13,13 +13,12 @@ jobs:
|
||||||
extra_nix_config: |
|
extra_nix_config: |
|
||||||
experimental-features = nix-command flakes
|
experimental-features = nix-command flakes
|
||||||
- name: Update flake.lock
|
- name: Update flake.lock
|
||||||
|
id: update
|
||||||
uses: DeterminateSystems/update-flake-lock@v19
|
uses: DeterminateSystems/update-flake-lock@v19
|
||||||
with:
|
with:
|
||||||
token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
|
token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
|
||||||
pr-body: |
|
|
||||||
Automated changes by the update-flake-lock
|
|
||||||
```
|
|
||||||
{{ env.GIT_COMMIT_MESSAGE }}
|
|
||||||
```
|
|
||||||
bors merge
|
|
||||||
inputs: nixpkgs-update
|
inputs: nixpkgs-update
|
||||||
|
- name: Enable Automerge
|
||||||
|
run: gh pr merge --rebase --auto "${{ steps.update.outputs.pull-request-number }}"
|
||||||
|
env:
|
||||||
|
GH_TOKEN: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
|
||||||
|
|
20
.github/workflows/flake-updates.yml
vendored
20
.github/workflows/flake-updates.yml
vendored
|
@ -1,20 +0,0 @@
|
||||||
name: "Update flakes"
|
|
||||||
on:
|
|
||||||
repository_dispatch:
|
|
||||||
workflow_dispatch:
|
|
||||||
schedule:
|
|
||||||
- cron: "51 2 * * 1,5"
|
|
||||||
jobs:
|
|
||||||
createPullRequest:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
- name: Install Nix
|
|
||||||
uses: cachix/install-nix-action@v20
|
|
||||||
with:
|
|
||||||
extra_nix_config: |
|
|
||||||
experimental-features = nix-command flakes
|
|
||||||
- name: Update flake.lock
|
|
||||||
uses: DeterminateSystems/update-flake-lock@v19
|
|
||||||
with:
|
|
||||||
token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
|
|
|
@ -1,5 +0,0 @@
|
||||||
cut_body_after = "" # don't include text from the PR body in the merge commit message
|
|
||||||
status = [
|
|
||||||
"ci/hercules/evaluation",
|
|
||||||
"ci/hercules/onPush/default",
|
|
||||||
]
|
|
|
@ -8,7 +8,7 @@
|
||||||
onPush.default.outputs.effects = withSystem "x86_64-linux" ({ hci-effects, pkgs, ... }:
|
onPush.default.outputs.effects = withSystem "x86_64-linux" ({ hci-effects, pkgs, ... }:
|
||||||
{
|
{
|
||||||
terraform-deploy =
|
terraform-deploy =
|
||||||
hci-effects.runIf (ref == "refs/heads/trying" || ref == "refs/heads/staging")
|
hci-effects.runIf (pkgs.lib.hasPrefix "refs/heads/gh-readonly-queue/master/" ref)
|
||||||
(hci-effects.mkEffect {
|
(hci-effects.mkEffect {
|
||||||
name = "terraform-deploy";
|
name = "terraform-deploy";
|
||||||
inputs = [ (builtins.getFlake (toString ./terraform/.)).outputs.devShells.x86_64-linux.default.nativeBuildInputs ];
|
inputs = [ (builtins.getFlake (toString ./terraform/.)).outputs.devShells.x86_64-linux.default.nativeBuildInputs ];
|
||||||
|
@ -23,11 +23,7 @@
|
||||||
pushd terraform
|
pushd terraform
|
||||||
terraform init
|
terraform init
|
||||||
terraform validate
|
terraform validate
|
||||||
if [[ ${ref} == "refs/heads/staging" ]]; then
|
terraform apply -auto-approve
|
||||||
terraform apply -auto-approve
|
|
||||||
else
|
|
||||||
terraform plan
|
|
||||||
fi
|
|
||||||
'';
|
'';
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
10
flake.nix
10
flake.nix
|
@ -55,6 +55,16 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
hercules-ci.flake-update = {
|
||||||
|
enable = true;
|
||||||
|
createPullRequest = true;
|
||||||
|
autoMergeMethod = "rebase";
|
||||||
|
when = {
|
||||||
|
hour = [ 2 ];
|
||||||
|
dayOfWeek = [ "Mon" "Fri" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
inputs.hercules-ci-effects.flakeModule
|
inputs.hercules-ci-effects.flakeModule
|
||||||
inputs.treefmt-nix.flakeModule
|
inputs.treefmt-nix.flakeModule
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
cluster-join-token.key: ENC[AES256_GCM,data:Ba8S5Cx3NJR/FoKkSVc5pX1bwKkYHAhTid3dlWcGRXPCmVtrMgBKLjDZ5b3AajZio+IvS7XNajsVqPUB/rsBUPL+mz/DPbnI4bibLkB0KZl5v6FnMf6RbGr7RWbEsGXWlJh77l/AmGRWJTj7Dh3LaQ53dguhNIDuXGvNhTLs690/93Xnc+x+d5tzl2hNz/A4/IQxpsRoJJKygqGndbc0bTUPo0QZMLtf8kHQtCiozfm1SeW49ITnM+4VCOJB8NkSkwUfy5Rs574fFijYSOGT8LSSH0ly2oxHEY+UaJudRhjr5uzrcZPI/WrrtkI=,iv:87JRtvlkkExu37uYRaHojsk1vjhO1ocw2L9yE+7shpI=,tag:0de71eZjy8F/w0LQzOVAyg==,type:str]
|
cluster-join-token.key: ENC[AES256_GCM,data:Ba8S5Cx3NJR/FoKkSVc5pX1bwKkYHAhTid3dlWcGRXPCmVtrMgBKLjDZ5b3AajZio+IvS7XNajsVqPUB/rsBUPL+mz/DPbnI4bibLkB0KZl5v6FnMf6RbGr7RWbEsGXWlJh77l/AmGRWJTj7Dh3LaQ53dguhNIDuXGvNhTLs690/93Xnc+x+d5tzl2hNz/A4/IQxpsRoJJKygqGndbc0bTUPo0QZMLtf8kHQtCiozfm1SeW49ITnM+4VCOJB8NkSkwUfy5Rs574fFijYSOGT8LSSH0ly2oxHEY+UaJudRhjr5uzrcZPI/WrrtkI=,iv:87JRtvlkkExu37uYRaHojsk1vjhO1ocw2L9yE+7shpI=,tag:0de71eZjy8F/w0LQzOVAyg==,type:str]
|
||||||
binary-caches.json: ENC[AES256_GCM,data:pshvo/BxcIDXrWpW6jb1Hti8pqIEER+andBFpbOArKdaSb1LoVC45G+QwqLxjnDckiBeJm+refQE/x8i6QI0kYHcHEmX4iByvtcDM7RB6ZQSghTO0oqhi1blZRp+NjVdpgeti9VOkLPOYR+ruCDXeZmjt9fWnpGxC6ok5h5z5XLtq5xICy0DBl4VJXw3NwMnpIfj4vvczTP1TlUmP3GElHImRj6F59Vyw4jbTZRIqrib97x8nrO24t3P6RqooY0WHPR1sQXJebxCCO3TiJjxLHNtjLhJgez/O6Ou8CJx999wGvGmm3k8DzUDh94bnG12tal0PrPSJLdsQItpYqDPbK6f6R0wVmzcAywW22SCqk6kaCLGSDCYQRh3xGNsdmVfDQSJPjnAOJDNjJR5adoe8KPHIrc5eZiXjS9mJO7eYPX2IfkNHlM18NjT/Q716Ez9tnBatVb5+YKLlZMm+SSgWNxwZhBiQUvR3wdX3jOXIAjdfCGy4ocCffP05WC4YzjHo5E1EsOBN/cr5LfAS36XFwChHJ6iE4zjwsQe3X7jN9mlZdksBe8gEKFns2rr5IMmXG/enLdVjigRgDShNglP,iv:IOqba6lLXCEVZ+HNaH3uM4E3lbKzm8XCXlbAp6UPBIE=,tag:RX2d2UEWpZu48pW1UUaQcQ==,type:str]
|
binary-caches.json: ENC[AES256_GCM,data:pshvo/BxcIDXrWpW6jb1Hti8pqIEER+andBFpbOArKdaSb1LoVC45G+QwqLxjnDckiBeJm+refQE/x8i6QI0kYHcHEmX4iByvtcDM7RB6ZQSghTO0oqhi1blZRp+NjVdpgeti9VOkLPOYR+ruCDXeZmjt9fWnpGxC6ok5h5z5XLtq5xICy0DBl4VJXw3NwMnpIfj4vvczTP1TlUmP3GElHImRj6F59Vyw4jbTZRIqrib97x8nrO24t3P6RqooY0WHPR1sQXJebxCCO3TiJjxLHNtjLhJgez/O6Ou8CJx999wGvGmm3k8DzUDh94bnG12tal0PrPSJLdsQItpYqDPbK6f6R0wVmzcAywW22SCqk6kaCLGSDCYQRh3xGNsdmVfDQSJPjnAOJDNjJR5adoe8KPHIrc5eZiXjS9mJO7eYPX2IfkNHlM18NjT/Q716Ez9tnBatVb5+YKLlZMm+SSgWNxwZhBiQUvR3wdX3jOXIAjdfCGy4ocCffP05WC4YzjHo5E1EsOBN/cr5LfAS36XFwChHJ6iE4zjwsQe3X7jN9mlZdksBe8gEKFns2rr5IMmXG/enLdVjigRgDShNglP,iv:IOqba6lLXCEVZ+HNaH3uM4E3lbKzm8XCXlbAp6UPBIE=,tag:RX2d2UEWpZu48pW1UUaQcQ==,type:str]
|
||||||
hercules-secrets: ENC[AES256_GCM,data:CG4W3mfGHS1bS3aNKRJHWWUmT9F5KB3hCYWSpPZDSElb6J+jhiIKP+d9n81yZ1T1cH4LpkULR8rsu00ZULMdRfghCF+KG3dperxYsMahhU0CjUj5mhCKb+6UpGOct87qJ3ILydFtBnVfkv4ohAjOdlidNDRnf4Yc0XKz1srBtBr0pmPf9hKMPXScs3nR4ecrkZjhC61CBCAVEuoGD+C8xklgV+v1Bg3CqjK2Rhxyhg5PfNZNtue5V7Lhq9TrY0S/9N+Hw3YxjAo4qCBQmOdLcLyN7MYwTJUmlIrPDzFAyfbXLRZZR6xX7+ArlgUbGNMlV3FjLXZ2E2+Abxp/uJ2/QF/6eKc44jp82hF7wjjc1My3Z//sT3pZZas/dVe40n715CtkzN8bdBZw/fHxc61QhDMz4wBpQ+SPZLdiHZ67COAkw/XKBdym4GEziqWEuYrx1aEgj5k4+qXOFgjqKHXeT783ZK2YDTwtJieSy/2bQCsTYg2V1GUDPEjxPqptDSDVDlTbMJ05EHELQvKpWQ8/cuQonGHdA9ENldA43rHnL98VLuS+YLToM0LN2oUGfXElISTXtt+x2bfBvOrNwC28nVQTCo1pgQMMWI3Tn1u2VDETBq3/X5hgOh+wDvikFnQEmw+DDd/b7eA3B4i0u/fS33aHprqqsjKdaYPmeFtQ4KIY8ZCaj8CcReH8Xp48E4JklVS2/BaPRnv7TlHQAhYKD+KMlRub9pzhhwNpRlkum/v+q1g0ZVr7kVB8e7Y=,iv:+dILru8YNvl51tFGoOTtYwpaTbcuiujtkX4zTAzqDlg=,tag:N6VAPhSha/6cjZW/EvYKcw==,type:str]
|
hercules-secrets: ENC[AES256_GCM,data:ALuK/eGc2B3cXhAQjr5ZOcW0TaOraj+ZpwatF54XcTOgg49ezziXim0hUzgVbV96QMZVTkI/Fr8YobcL5oMvYXZijVit+OSrONbk703ygyogJslUKfHn0Wgho0XM/Jx/zvB2zEkLMr+UVc1lGRY+JsYT8Jx5bLrinGHzSWAHSquLVk+6tek9dqXZM2imiFMrzyUevUAUWywlqflEO3Fuos6TUEF5m0x9mqYD88nIqFfBewrJ9CuxMpLlVDDDdJBcqgdZ+m0ukQuwvx+bcY2jWwIZIx2rc3SitWQZfA2l37jRIZE7mCmZizu2V2o3xkH5MXvFgTLuItxwulNc9iFkragNXZ7D5iZMXpo+6JLZ9NR1TVAFXM+hvd0eqXqDVs+m7WjHWrO8B9yUNgYwVI29EImnqyjJ5ap+iOm0s2iQSE3od76U272VrViya3jTaV3es3nFWBxL8b+ofsey/RNAe2o7bCyUZzS0LlnH1GouAZnvh542hbPHu3TV8yoHobAxc83WO/pzw+qlRQH8tRi5MNZb0rpXCeLcXyVv18FS+9JGr10FEZ5x3rV/Jw5ZxcZptzBTjsy1zsa1SZz/bwds7mjt7MkpHEmsNLTE0QU52rX7kW1l1I3+ISB9kxdPEg0qA6/TmFqwa/NfaeigBw==,iv:uRMgAyeDZvtapc0hplLx+E1XA2N6+csPld0d833TTys=,tag:tdbRYkeTjURSxxDBNgjMSQ==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -70,8 +70,8 @@ sops:
|
||||||
QTh4K0xzYVgzWVcwNzJ6bHFncHNTNHMK/iAbmGaTunJefyKK/GQYYMzd1PY+hvOt
|
QTh4K0xzYVgzWVcwNzJ6bHFncHNTNHMK/iAbmGaTunJefyKK/GQYYMzd1PY+hvOt
|
||||||
i2SfjO8ZPXRkQcDxRa5EqOkKzpzBijjSsGGH04MprCBI6ysaJA+lEg==
|
i2SfjO8ZPXRkQcDxRa5EqOkKzpzBijjSsGGH04MprCBI6ysaJA+lEg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-03-14T02:45:18Z"
|
lastmodified: "2023-05-04T22:00:39Z"
|
||||||
mac: ENC[AES256_GCM,data:JaQ76rjVO15ksVAXtiVVpVzXFMhZwsOgX4HUOIKG2RfbxSFSWGK9wrJeSMe6y3Wm8sYHNaa17QQUoaOd6ym+QspjZocvN5XZB0xh+FruLxZ5Z6k2UPZLt0gtJcHEgvsaNEbY6rIuXs6uw6L3NdUVzles7c1GUvQJlaTkQMxxgwU=,iv:Urf97S2M27sxu3awAOa5++EV0IT27xQYLXqLCgWRRi4=,tag:GBJRRV7r7RatWBUZJTbw5Q==,type:str]
|
mac: ENC[AES256_GCM,data:D2smiMskdRdj/b5hE2matw82z1Kf4CZGGKaptt7zd77sCuK1TQ6Te8n89LJ5SdGQpUcfZ9eaPVutMLgLr0vJufaOwHo8BVSuyN7/EC9IeeeLrJygl1wYZzbVcWm9KW2YthYTj+n2RtAvS7VtuYUdSPk7oSG7Xs6XaBp5qtoxeBs=,iv:PrbJvAFDsxeWqce5aXC97d6IKr66Ao1qLfljE/EFufg=,tag:wVeBLqclaE4IpsFMLZHOeg==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.7.3
|
version: 3.7.3
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue