workflows/{pr,push}: init

[wolfgangwalther]

This series of commits introduces two wrapper workflows pr and push, which call most of the other workflows.

The primary goal here is, to give us a good base to enable "required status checks". Those work by looking for specific job names. With the old structure, we would have to add all the required jobs to the respective branch protection rule separately - and whenever we added or removed a job or just changed a required job's name, we'd risk blocking PRs from merging entirely. Those would always have to be kept in-sync. With the single "PR" workflow that is introduced here, there is another option: We can then just add a single job required-to-merge at the end of this new workflow. This would depend on all other jobs in there and thus only pass when all others do. We can then set up this single job for the branch protection rule. A loud enough comment near that job should prevent accidental renames. And we can easily add or remove jobs from the list of required jobs by adding needs to that job - without needing to touch the branch protection rules. Neither this "required to merge" job nor branch protection rules are introduced in this PR, yet.

There is also another future benefit that we can take advantage of: With this base, we can implement something to solve #406825 (comment) without artifact hackery.

On its own, this PR doesn't give us much except some cosmetics:

• I decided to split all the jobs up into 4 main groups:

  • Check: Not looking at the code at all, just at git stuff: Right target branch? Good cherry picks? Potentially also commit messages etc.
  • Lint: Static code analysis / formatting: treefmt, nixpkgs-vet, nix parse check.
  • Eval: Everything that evals, but doesn't build, yet.
  • Build: Everything that actually builds something. Manuals, lib-tests, shell.nix.

  This split gives us a nice consistent UI (see screenshot below). The status check names are prefixed accordingly and the summary page has collapsed items.

• In some cases, much shorter job names, which display much nicer in the graphical display in the summary page.

• A single summary page with all artifacts and all jobs listed - much better experience for PR authors. They don't need to click on the right job details, because almost all of them will lead them to the right page. Also easier to see from those summary pages which jobs for that PR failed together.

This also has one downside: It's harder to go through the "Actions" tab and search for failures of specific workflows. They are all grouped in the "PR" workflow now. I think this is outweighed by the ability to use required status checks, though. Heavily so.

The first commit is taken out of #414800 to ease rebasing once that's merged.

TODO:

• This needs adjustments in nixpkgs-review, because the Eval workflow to fetch the artifacts from is now PR. Support new "PR" workflow in nixpkgs Mic92/nixpkgs-review#500

Things done

• Tested in my fork.
• Fits CONTRIBUTING.md.

---

Add a 👍 reaction to pull requests you find important.

[philiptaron]

PR / Eval / Consistency perhaps? Or Coherence, as in how evaluation all holds together? I’m following a C theme with Comparison. Philip (on mobile)

[MattSturgeon]

I haven't yet gone through the diff in detail, but the concept LGTM

[wolfgangwalther]

I haven't yet gone through the diff in detail, but the concept LGTM

Cool. Once we all agree on the basic concept and also the name "PR" for the main workflow, we can go ahead with Mic92/nixpkgs-review#500, which will support both the current "Eval" and the new "PR". This will take a bit of time until released and available in nixpkgs, but should be done before merging this PR anyway.

[wolfgangwalther]

Rebased. The remaining pieces in here are now ready for review.

Note: Many Eval jobs will fail for the pull_request event. That's expected, because they try to fetch artifacts from the "PR" workflow, which didn't run on the target branch, yet.

nixpkgs-review 3.4.0 has been released with support for the "PR" workflow and has hit nixpkgs-unstable. Before merging this, we should wait for it to be in the pinned nixpkgs used for the dev shell and for it to be available in all channels:

• Needs to be merged: ci/pinned: update #416707 ✔️
• Needs to hit nixos-24.11: https://nixpk.gs/pr-tracker.html?pr=416490 ✔️
• Needs to hit nixos-25.05: https://nixpk.gs/pr-tracker.html?pr=416491 ✔️
• Needs to hit nixos-unstable: https://nixpk.gs/pr-tracker.html?pr=416457 ✔️

[wolfgangwalther]

nixpkgs-review v3.4.0 is available on all channels. I rebased and did a smoke test in my fork again, all good.

I plan to merge this at some point tomorrow to be able to keep an eye open on the pipelines just in case. Unless somebody with open eyes beats me to it :)

[MattSturgeon]

Nothing screaming out at me in the diff, so 🤞

If there are major issues we can revert and try again, of course.

I had one documentation nit pending, from when I started reviewing the other day. Feel free to ignore.

[nixpkgs-ci]

Successfully created backport PR for release-24.11:

• [Backport release-24.11] workflows/{pr,push}: init #417826

[nixpkgs-ci]

Successfully created backport PR for release-25.05:

• [Backport release-25.05] workflows/{pr,push}: init #417827