4177297b14
For reproducibility.
Command:
```shell
for file in .github/workflows/*.y*ml; do
npx pin-github-action --comment=' {ref}' "$file"
done
```
Then had to manually replace all the versions with accurate specifiers
(for example, "v4" → "v4.1.1" in case of `actions/checkout`).
33 lines
1.1 KiB
YAML
33 lines
1.1 KiB
YAML
name: "Build Nixpkgs manual"
|
|
|
|
permissions: read-all
|
|
|
|
on:
|
|
pull_request_target:
|
|
branches:
|
|
- master
|
|
paths:
|
|
- 'doc/**'
|
|
- 'lib/**'
|
|
|
|
jobs:
|
|
nixpkgs:
|
|
runs-on: ubuntu-latest
|
|
if: github.repository_owner == 'NixOS'
|
|
steps:
|
|
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
|
with:
|
|
# pull_request_target checks out the base branch by default
|
|
ref: refs/pull/${{ github.event.pull_request.number }}/merge
|
|
- uses: cachix/install-nix-action@6a9a9e84a173d90b3ffb42c5ddaf9ea033fad011 # v24
|
|
with:
|
|
# explicitly enable sandbox
|
|
extra_nix_config: sandbox = true
|
|
- uses: cachix/cachix-action@6a9a34cdd93d0ae4b4b59fd678660efb08109f2f # v13
|
|
with:
|
|
# This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.
|
|
name: nixpkgs-ci
|
|
signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
|
|
- name: Building Nixpkgs manual
|
|
run: NIX_PATH=nixpkgs=$(pwd) nix-build --option restrict-eval true pkgs/top-level/release.nix -A manual
|