From 62e05e2f5b6d9f04fa5affcc15192f8461b20284 Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Thu, 11 Dec 2025 12:01:21 +0100
Subject: [PATCH] ci: tag commit as stable after full test matrix
- add mark-stable workflow that runs on workflow_run for all test pipelines
- use GitHub API to ensure all required workflows succeeded before moving the 'stable' tag
- add Nix flake.lock to pin nixpkgs for reproducible builds https://chatgpt.com/share/693aa4a6-7460-800f-ba47-cfc15b1b2236
---
 .github/workflows/mark-stable.yml | 99 +++++++++++++++++++++++++++++++
 flake.lock | 27 +++++++++
 result | 1 +
 3 files changed, 127 insertions(+)
 create mode 100644 .github/workflows/mark-stable.yml
 create mode 100644 flake.lock
 create mode 120000 result
diff --git a/.github/workflows/mark-stable.yml b/.github/workflows/mark-stable.yml
new file mode 100644
index 0000000..df00eb7
--- /dev/null
+++ b/.github/workflows/mark-stable.yml
@@ -0,0 +1,99 @@
+name: Mark stable commit
+
+on:
+ workflow_run:
+ workflows:
+ - Test Units
+ - Test Code Integration
+ - Test OS Containers
+ - Test End-To-End
+ - Test Virgin User
+ - Test Virgin Root
+ types:
+ - completed
+
+jobs:
+ mark-stable:
+ # only run if the triggering workflow succeeded AND it ran on main
+ if: >
+ github.event.workflow_run.conclusion == 'success' &&
+ github.event.workflow_run.head_branch == 'main'
+ runs-on: ubuntu-latest
+
+ permissions:
+ contents: write # required to push tags
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0 # required for accessing tags/history
+
+ - name: Install jq and gh (if needed)
+ run: |
+ sudo apt-get update -y
+ sudo apt-get install -y jq gh || true
+
+ - name: Check all required workflow results for this commit
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ SHA: ${{ github.event.workflow_run.head_sha }}
+ REPO: ${{ github.repository }}
+ run: |
+ set -euo pipefail
+
+ echo "Checking workflow results for commit: $SHA"
+
+ required_workflows=(
+ "Test Units"
+ "Test Code Integration"
+ "Test OS Containers"
+ "Test End-To-End"
+ "Test Virgin User"
+ "Test Virgin Root"
+ )
+
+ # Fetch all workflow runs for this commit
+ json=$(gh api \
+ repos/"$REPO"/actions/runs \
+ -F head_sha="$SHA" \
+ -F per_page=100)
+
+ for wf in "${required_workflows[@]}"; do
+ conclusion=$(printf '%s\n' "$json" | jq -r --arg name "$wf" '
+ .workflow_runs[]
+ | select(.name == $name)
+ | .conclusion
+ ' | head -n1)
+
+ if [[ -z "$conclusion" || "$conclusion" == "null" ]]; then
+ echo "Workflow '$wf' has no run for this commit yet. Exiting."
+ exit 0
+ fi
+
+ if [[ "$conclusion" != "success" ]]; then
+ echo "Workflow '$wf' did not succeed (conclusion='$conclusion'). Exiting."
+ exit 0
+ fi
+ done
+
+ echo "All workflows succeeded for commit $SHA — marking as stable."
+
+ - name: Move 'stable' tag to this commit
+ env:
+ SHA: ${{ github.event.workflow_run.head_sha }}
+ run: |
+ set -euo pipefail
+
+ git config user.name "github-actions[bot]"
+ git config user.email "github-actions[bot]@users.noreply.github.com"
+
+ echo "Updating 'stable' tag to point to $SHA"
+
+ if git rev-parse stable >/dev/null 2>&1; then
+ git tag -d stable || true
+ fi
+ git push origin :refs/tags/stable || true
+
+ git tag stable "$SHA"
+ git push origin stable
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..8a30674
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,27 @@
+{
+ "nodes": {
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1765186076,
+ "narHash": "sha256-hM20uyap1a0M9d344I692r+ik4gTMyj60cQWO+hAYP8=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "addf7cf5f383a3101ecfba091b98d0a1263dc9b8",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/result b/result
new file mode 120000
index 0000000..e420327
--- /dev/null
+++ b/result
@@ -0,0 +1 @@
+/nix/store/g7qdpbkixm3yzc41nlz4dvsrq92jsmqb-package-manager-0.9.1
\ No newline at end of file
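Review bot: In `.github/workflows/mark-stable.yml` the check step does not actually gate the tag: both `exit 0` branches in "Check all required workflow results for this commit" end only that step, and because it exits with status 0 the following "Move 'stable' tag to this commit" step still runs, so `stable` can land on a commit whose other workflows failed or have not finished. The verdict should be written to a step output and the tag step made conditional on it, as sketched below. The lookup also needs `--method GET`, because `gh api` switches to POST once `-F` fields are passed, and `head -n1` takes whichever run of that name is listed first, so the jq filter should also select on `.event` and `.head_branch`. The job-level `if` has the same gap: `head_branch == 'main'` is also true for a pull-request run whose source branch is named `main`, so adding `github.event.workflow_run.event == 'push'` keeps a job holding `contents: write` from acting on such runs (the triggers of the six test workflows are not visible in this patch).

```yaml
      - name: Check all required workflow results for this commit
        id: gate
        # … unchanged: env (GITHUB_TOKEN, SHA, REPO) …
        run: |
          # … unchanged: set -euo pipefail, required_workflows array …
          json=$(gh api --method GET \
            repos/"$REPO"/actions/runs \
            -F head_sha="$SHA" \
            -F per_page=100)

          for wf in "${required_workflows[@]}"; do
            # … unchanged: printf | jq pipeline, with the select line replaced by …
            #   | select(.name == $name and .event == "push" and .head_branch == "main")

            if [[ "$conclusion" != "success" ]]; then
              echo "Workflow '$wf' is not green for $SHA (conclusion='${conclusion:-none}')."
              echo "stable=false" >> "$GITHUB_OUTPUT"
              exit 0
            fi
          done

          echo "stable=true" >> "$GITHUB_OUTPUT"

      - name: Move 'stable' tag to this commit
        if: steps.gate.outputs.stable == 'true'
        # … unchanged: env and tag/push script …
```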