From 1aa931f6f1eb85b4f8358e7ed3706ed82d3048ca Mon Sep 17 00:00:00 2001 From: NAHO <90870942+trueNAHO@users.noreply.github.com> Date: Wed, 21 Aug 2024 16:42:29 +0200 Subject: [PATCH] ci: lock workflow dependencies to increase reproducibility Link: https://github.com/danth/stylix/pull/519 --- .github/workflows/check.yml | 12 ++++++------ .github/workflows/docs.yml | 8 ++++---- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 2162befd..4a67331e 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -13,23 +13,23 @@ permissions: jobs: evaluate: name: List packages - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - name: Install Nix - uses: DeterminateSystems/nix-installer-action@main + uses: DeterminateSystems/nix-installer-action@v16 with: github-token: ${{ secrets.GITHUB_TOKEN }} extra-conf: | extra-experimental-features = nix-command flakes - name: Set up cache - uses: DeterminateSystems/magic-nix-cache-action@main + uses: DeterminateSystems/magic-nix-cache-action@v8 - name: List packages id: list-packages run: | - nix flake show github:${{ github.repository }}/${{ github.event.pull_request.head.sha || github.sha }} --json | jq -rc 'to_entries | map(.key as $type | select($type == "checks" or $type == "packages") | .value | to_entries | map(.key as $arch | select($arch == "x86_64-linux" or $arch == "x86_64-darwin") | .value | to_entries | map({type: $type, arch: $arch, os: (if $arch == "x86_64-linux" then "ubuntu-latest" else "macos-latest" end), key: .key})) | flatten) | flatten | "packages=\(.)"' >> $GITHUB_OUTPUT + nix flake show github:${{ github.repository }}/${{ github.event.pull_request.head.sha || github.sha }} --json | jq -rc 'to_entries | map(.key as $type | select($type == "checks" or $type == "packages") | .value | to_entries | map(.key as $arch | select($arch == "x86_64-linux" or $arch == "x86_64-darwin") | .value | to_entries | map({type: $type, arch: $arch, os: (if $arch == "x86_64-linux" then "ubuntu-22.04" else "macos-14" end), key: .key})) | flatten) | flatten | "packages=\(.)"' >> $GITHUB_OUTPUT outputs: packages: ${{ steps.list-packages.outputs.packages }} @@ -48,14 +48,14 @@ jobs: steps: - name: Install Nix - uses: DeterminateSystems/nix-installer-action@main + uses: DeterminateSystems/nix-installer-action@v16 with: github-token: ${{ secrets.GITHUB_TOKEN }} extra-conf: | extra-experimental-features = nix-command flakes - name: Set up cache - uses: DeterminateSystems/magic-nix-cache-action@main + uses: DeterminateSystems/magic-nix-cache-action@v8 - name: Check ${{ matrix.check.key }} run: nix -L check github:${{ github.repository }}/${{ github.event.pull_request.head.sha || github.sha }}#${{ matrix.check.type }}.${{ matrix.check.arch }}.${{ matrix.check.key }} --no-update-lock-file diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 7f497115..f5e6a9e2 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -12,18 +12,18 @@ jobs: permissions: contents: read - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - name: Install Nix - uses: DeterminateSystems/nix-installer-action@main + uses: DeterminateSystems/nix-installer-action@v16 with: github-token: ${{ secrets.GITHUB_TOKEN }} extra-conf: | extra-experimental-features = nix-command flakes - name: Set up cache - uses: DeterminateSystems/magic-nix-cache-action@main + uses: DeterminateSystems/magic-nix-cache-action@v8 - name: Build docs run: nix -L build github:${{ github.repository }}/${{ github.sha }}#docs @@ -49,7 +49,7 @@ jobs: name: github-pages url: ${{ steps.deployment.outputs.page_url }} - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - name: Deploy docs to GitHub Pages