From 9f4a56abfa69ee4b5c97ac36d99bff36bfe5eff4 Mon Sep 17 00:00:00 2001 From: William Phetsinorath Date: Fri, 28 Nov 2025 18:02:43 +0100 Subject: [PATCH 1/9] Add auto merge workflow [ghstack-poisoned] --- .github/workflows/main.yaml | 22 +++++++++++++ modules/devenv/shikanime-studio.nix | 48 +++++++++++++++++++++++------ 2 files changed, 61 insertions(+), 9 deletions(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index d2b557b..1ec2a30 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -16,6 +16,28 @@ jobs: github-token: ${{ steps.createGithubAppToken.outputs.token }} - uses: shikanime-studio/direnv-action@v2 - run: nix flake check --accept-flake-config --all-systems --no-pure-eval + merge: + if: contains(github.event.pull_request.labels.*.name, 'dependencies') + needs: + - check + runs-on: ubuntu-latest + steps: + - id: createGithubAppToken + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ vars.OPERATOR_APP_ID }} + private-key: ${{ secrets.OPERATOR_PRIVATE_KEY }} + - uses: actions/checkout@v6 + with: + fetch-depth: 0 + token: ${{ steps.createGithubAppToken.outputs.token }} + - uses: shikanime-studio/setup-nix-action@v1 + with: + github-token: ${{ steps.createGithubAppToken.outputs.token }} + - env: + GITHUB_TOKEN: ${{ steps.createGithubAppToken.outputs.token }} + PR_HTML_URL: ${{ github.event.issue.pull_request.html_url }} + run: nix run nixpkgs#sapling -- ghstack merge "$PR_HTML_URL" name: Main "on": pull_request: diff --git a/modules/devenv/shikanime-studio.nix b/modules/devenv/shikanime-studio.nix index 46e75f6..e17fbb6 100644 --- a/modules/devenv/shikanime-studio.nix +++ b/modules/devenv/shikanime-studio.nix @@ -208,6 +208,22 @@ with lib; "with".github-token = mkWorkflowRef "steps.createGithubAppToken.outputs.token"; }; + sapling-ghstack-merge = { + env = { + GITHUB_TOKEN = mkWorkflowRef "steps.createGithubAppToken.outputs.token"; + PR_HTML_URL = mkWorkflowRef "github.event.issue.pull_request.html_url"; + }; + run = mkWorkflowRun [ + "nix" + "run" + "nixpkgs#sapling" + "--" + "ghstack" + "land" + ''"$PR_HTML_URL"'' + ]; + }; + stale = { uses = "actions/stale@v10"; "with" = { @@ -252,15 +268,29 @@ with lib; "gh/*/*/base" ]; }; - jobs.check = { - runs-on = "ubuntu-latest"; - steps = with config.github.actions; [ - create-github-app-token - checkout - setup-nix - direnv - nix-flake-check - ]; + jobs = { + check = { + runs-on = "ubuntu-latest"; + steps = with config.github.actions; [ + create-github-app-token + checkout + setup-nix + direnv + nix-flake-check + ]; + }; + + merge = { + "if" = "contains(github.event.pull_request.labels.*.name, 'dependencies')"; + needs = [ "check" ]; + runs-on = "ubuntu-latest"; + steps = with config.github.actions; [ + create-github-app-token + checkout + setup-nix + sapling-ghstack-merge + ]; + }; }; }; }; From a33d999d5cf62179a03d2fb7bf39267b3df1d484 Mon Sep 17 00:00:00 2001 From: William Phetsinorath Date: Fri, 28 Nov 2025 18:07:59 +0100 Subject: [PATCH 2/9] None on "Add auto merge workflow" [ghstack-poisoned] --- .github/workflows/main.yaml | 3 ++- .github/workflows/triage.yaml | 7 ++++++ modules/devenv/shikanime-studio.nix | 35 +++++++++++++++++++++++------ 3 files changed, 37 insertions(+), 8 deletions(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 1ec2a30..3fd39e3 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -37,7 +37,8 @@ jobs: - env: GITHUB_TOKEN: ${{ steps.createGithubAppToken.outputs.token }} PR_HTML_URL: ${{ github.event.issue.pull_request.html_url }} - run: nix run nixpkgs#sapling -- ghstack merge "$PR_HTML_URL" + if: contains(github.event.issue.labels.*.name, 'ghstack') + run: nix run nixpkgs#sapling -- ghstack land "$PR_HTML_URL" name: Main "on": pull_request: diff --git a/.github/workflows/triage.yaml b/.github/workflows/triage.yaml index d60a7b9..433fa4c 100644 --- a/.github/workflows/triage.yaml +++ b/.github/workflows/triage.yaml @@ -43,6 +43,13 @@ jobs: github.event.pull_request.user.login == 'yorha-operator-6o[bot]' || github.event.pull_request.user.login == 'dependabot[bot]' run: gh pr edit "$PR_NUMBER" --add-label dependencies + - env: + GITHUB_TOKEN: ${{ steps.createGithubAppToken.outputs.token }} + PR_NUMBER: ${{ github.event.pull_request.number }} + if: + startsWith(github.event.pull_request.head.ref, 'gh/') && !endsWith(github.event.pull_request.head.ref, + '/head') + run: gh pr edit "$PR_NUMBER" --add-label ghstack name: Triage "on": check_suite: diff --git a/modules/devenv/shikanime-studio.nix b/modules/devenv/shikanime-studio.nix index e17fbb6..da0cd07 100644 --- a/modules/devenv/shikanime-studio.nix +++ b/modules/devenv/shikanime-studio.nix @@ -89,7 +89,7 @@ with lib; enable = mkDefault true; actions = with config.github.lib; { - add-labels = { + add-dependencies-labels = { env = { GITHUB_TOKEN = mkWorkflowRef "steps.createGithubAppToken.outputs.token"; PR_NUMBER = mkWorkflowRef "github.event.pull_request.number"; @@ -108,6 +108,25 @@ with lib; ]; }; + add-ghstack-labels = { + env = { + GITHUB_TOKEN = mkWorkflowRef "steps.createGithubAppToken.outputs.token"; + PR_NUMBER = mkWorkflowRef "github.event.pull_request.number"; + }; + "if" = concatStringsSep " && " [ + "startsWith(github.event.pull_request.head.ref, 'gh/')" + "!endsWith(github.event.pull_request.head.ref, '/head')" + ]; + run = mkWorkflowRun [ + "gh" + "pr" + "edit" + ''"$PR_NUMBER"'' + "--add-label" + "ghstack" + ]; + }; + cleanup = { env = { GITHUB_TOKEN = mkWorkflowRef "steps.createGithubAppToken.outputs.token"; @@ -203,16 +222,12 @@ with lib; }; }; - setup-nix = { - uses = "shikanime-studio/setup-nix-action@v1"; - "with".github-token = mkWorkflowRef "steps.createGithubAppToken.outputs.token"; - }; - sapling-ghstack-merge = { env = { GITHUB_TOKEN = mkWorkflowRef "steps.createGithubAppToken.outputs.token"; PR_HTML_URL = mkWorkflowRef "github.event.issue.pull_request.html_url"; }; + "if" = "contains(github.event.issue.labels.*.name, 'ghstack')"; run = mkWorkflowRun [ "nix" "run" @@ -224,6 +239,11 @@ with lib; ]; }; + setup-nix = { + uses = "shikanime-studio/setup-nix-action@v1"; + "with".github-token = mkWorkflowRef "steps.createGithubAppToken.outputs.token"; + }; + stale = { uses = "actions/stale@v10"; "with" = { @@ -343,7 +363,8 @@ with lib; steps = with config.github.actions; [ create-github-app-token checkout - add-labels + add-dependencies-labels + add-ghstack-labels ]; }; From cd12513d52e86225e69849f4cfd6f400b857434a Mon Sep 17 00:00:00 2001 From: William Phetsinorath Date: Fri, 28 Nov 2025 18:16:24 +0100 Subject: [PATCH 3/9] None on "Add auto merge workflow" [ghstack-poisoned] --- .../{main.yaml => pull_request.yaml} | 6 +- .github/workflows/push.yaml | 28 +++++++++ .github/workflows/triage.yaml | 15 +++-- modules/devenv/shikanime-studio.nix | 58 +++++++++++++++---- 4 files changed, 86 insertions(+), 21 deletions(-) rename .github/workflows/{main.yaml => pull_request.yaml} (96%) create mode 100644 .github/workflows/push.yaml diff --git a/.github/workflows/main.yaml b/.github/workflows/pull_request.yaml similarity index 96% rename from .github/workflows/main.yaml rename to .github/workflows/pull_request.yaml index 3fd39e3..179efb9 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/pull_request.yaml @@ -39,13 +39,9 @@ jobs: PR_HTML_URL: ${{ github.event.issue.pull_request.html_url }} if: contains(github.event.issue.labels.*.name, 'ghstack') run: nix run nixpkgs#sapling -- ghstack land "$PR_HTML_URL" -name: Main +name: Pull Request "on": pull_request: branches: - main - gh/*/*/base - push: - branches: - - main - - release-* diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml new file mode 100644 index 0000000..b098c7f --- /dev/null +++ b/.github/workflows/push.yaml @@ -0,0 +1,28 @@ +jobs: + check: + runs-on: ubuntu-latest + steps: + - id: createGithubAppToken + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ vars.OPERATOR_APP_ID }} + private-key: ${{ secrets.OPERATOR_PRIVATE_KEY }} + - uses: actions/checkout@v6 + with: + fetch-depth: 0 + token: ${{ steps.createGithubAppToken.outputs.token }} + - uses: shikanime-studio/setup-nix-action@v1 + with: + github-token: ${{ steps.createGithubAppToken.outputs.token }} + - uses: shikanime-studio/direnv-action@v2 + - run: nix flake check --accept-flake-config --all-systems --no-pure-eval +name: Push +"on": + pull_request: + branches: + - main + - gh/*/*/base + push: + branches: + - main + - release-* diff --git a/.github/workflows/triage.yaml b/.github/workflows/triage.yaml index 433fa4c..c70b256 100644 --- a/.github/workflows/triage.yaml +++ b/.github/workflows/triage.yaml @@ -17,12 +17,17 @@ jobs: PR_BASE_REF: ${{ github.event.pull_request.base.ref }} PR_HEAD_REF: ${{ github.event.pull_request.head.ref }} REPO: ${{ github.repository }} + if: "!contains(github.event.pull_request.labels.*.name, 'ghstack')" + run: git push origin --delete $PR_HEAD_REF + - env: + GITHUB_TOKEN: ${{ steps.createGithubAppToken.outputs.token }} + PR_BASE_REF: ${{ github.event.pull_request.base.ref }} + PR_HEAD_REF: ${{ github.event.pull_request.head.ref }} + REPO: ${{ github.repository }} + if: contains(github.event.pull_request.labels.*.name, 'ghstack') run: - "if [[ \"$PR_HEAD_REF\" =~ ^gh/[^/]+/[^/]+/head$ && \"$PR_BASE_REF\" =~\ - \ ^gh/[^/]+/[^/]+/base$ && \"${PR_HEAD_REF%/head}\" == \"${PR_BASE_REF%/base}\"\ - \ ]]; then\n for role in base head orig; do\n git push origin --delete\ - \ \"${PR_HEAD_REF%/head}/$role\" || true\n done\nelse\n git push origin\ - \ --delete \"$PR_HEAD_REF\" || true\nfi\n" + "for role in base head orig; do\n git push origin --delete \"${PR_HEAD_REF%/head}/$role\"\ + \ || true\ndone\n" labels: if: github.event.action == 'opened' runs-on: ubuntu-latest diff --git a/modules/devenv/shikanime-studio.nix b/modules/devenv/shikanime-studio.nix index da0cd07..f63ce1d 100644 --- a/modules/devenv/shikanime-studio.nix +++ b/modules/devenv/shikanime-studio.nix @@ -127,21 +127,35 @@ with lib; ]; }; - cleanup = { + cleanup-pr = { env = { GITHUB_TOKEN = mkWorkflowRef "steps.createGithubAppToken.outputs.token"; PR_BASE_REF = mkWorkflowRef "github.event.pull_request.base.ref"; PR_HEAD_REF = mkWorkflowRef "github.event.pull_request.head.ref"; REPO = mkWorkflowRef "github.repository"; }; + "if" = "!contains(github.event.pull_request.labels.*.name, 'ghstack')"; + run = mkWorkflowRun [ + "git" + "push" + "origin" + "--delete" + "$PR_HEAD_REF" + ]; + }; + + cleanup-ghstack = { + env = { + GITHUB_TOKEN = mkWorkflowRef "steps.createGithubAppToken.outputs.token"; + PR_BASE_REF = mkWorkflowRef "github.event.pull_request.base.ref"; + PR_HEAD_REF = mkWorkflowRef "github.event.pull_request.head.ref"; + REPO = mkWorkflowRef "github.repository"; + }; + "if" = "contains(github.event.pull_request.labels.*.name, 'ghstack')"; run = '' - if [[ "$PR_HEAD_REF" =~ ^gh/[^/]+/[^/]+/head$ && "$PR_BASE_REF" =~ ^gh/[^/]+/[^/]+/base$ && "''${PR_HEAD_REF%/head}" == "''${PR_BASE_REF%/base}" ]]; then - for role in base head orig; do - git push origin --delete "''${PR_HEAD_REF%/head}/$role" || true - done - else - git push origin --delete "$PR_HEAD_REF" || true - fi + for role in base head orig; do + git push origin --delete "''${PR_HEAD_REF%/head}/$role" || true + done ''; }; @@ -274,10 +288,10 @@ with lib; }; }; - main = { + push = { enable = mkDefault true; settings = { - name = "Main"; + name = "Push"; on = { push.branches = [ "main" @@ -288,6 +302,27 @@ with lib; "gh/*/*/base" ]; }; + jobs.check = { + runs-on = "ubuntu-latest"; + steps = with config.github.actions; [ + create-github-app-token + checkout + setup-nix + direnv + nix-flake-check + ]; + }; + }; + }; + + pull_request = { + enable = mkDefault true; + settings = { + name = "Pull Request"; + on.pull_request.branches = [ + "main" + "gh/*/*/base" + ]; jobs = { check = { runs-on = "ubuntu-latest"; @@ -374,7 +409,8 @@ with lib; steps = with config.github.actions; [ create-github-app-token checkout - cleanup + cleanup-pr + cleanup-ghstack ]; }; }; From cf5a4a5743c75b1e60882ec6152dd86f273f91e3 Mon Sep 17 00:00:00 2001 From: William Phetsinorath Date: Fri, 28 Nov 2025 18:24:19 +0100 Subject: [PATCH 4/9] None on "Add auto merge workflow" [ghstack-poisoned] --- .github/workflows/cleanup.yaml | 37 +++++++++++ .../{triage.yaml => integration.yaml} | 40 +++++------ .github/workflows/pull_request.yaml | 47 ------------- modules/devenv/shikanime-studio.nix | 66 ++++++++----------- 4 files changed, 81 insertions(+), 109 deletions(-) create mode 100644 .github/workflows/cleanup.yaml rename .github/workflows/{triage.yaml => integration.yaml} (64%) delete mode 100644 .github/workflows/pull_request.yaml diff --git a/.github/workflows/cleanup.yaml b/.github/workflows/cleanup.yaml new file mode 100644 index 0000000..b16e3b3 --- /dev/null +++ b/.github/workflows/cleanup.yaml @@ -0,0 +1,37 @@ +jobs: + cleanup: + runs-on: ubuntu-latest + steps: + - id: createGithubAppToken + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ vars.OPERATOR_APP_ID }} + private-key: ${{ secrets.OPERATOR_PRIVATE_KEY }} + - uses: actions/checkout@v6 + with: + fetch-depth: 0 + token: ${{ steps.createGithubAppToken.outputs.token }} + - env: + GITHUB_TOKEN: ${{ steps.createGithubAppToken.outputs.token }} + PR_BASE_REF: ${{ github.event.pull_request.base.ref }} + PR_HEAD_REF: ${{ github.event.pull_request.head.ref }} + REPO: ${{ github.repository }} + if: "!contains(github.event.pull_request.labels.*.name, 'ghstack')" + run: git push origin --delete "$PR_HEAD_REF" + - env: + GITHUB_TOKEN: ${{ steps.createGithubAppToken.outputs.token }} + PR_BASE_REF: ${{ github.event.pull_request.base.ref }} + PR_HEAD_REF: ${{ github.event.pull_request.head.ref }} + REPO: ${{ github.repository }} + if: contains(github.event.pull_request.labels.*.name, 'ghstack') + run: + "for role in base head orig; do\n git push origin --delete \"${PR_HEAD_REF%/head}/$role\"\ + \ || true\ndone\n" +name: Cleanup +"on": + check_suite: + types: + - completed + pull_request: + types: + - closed diff --git a/.github/workflows/triage.yaml b/.github/workflows/integration.yaml similarity index 64% rename from .github/workflows/triage.yaml rename to .github/workflows/integration.yaml index c70b256..db61602 100644 --- a/.github/workflows/triage.yaml +++ b/.github/workflows/integration.yaml @@ -1,6 +1,7 @@ jobs: - cleanup: - if: github.event.action == 'closed' + integration: + needs: + - labels runs-on: ubuntu-latest steps: - id: createGithubAppToken @@ -12,22 +13,18 @@ jobs: with: fetch-depth: 0 token: ${{ steps.createGithubAppToken.outputs.token }} + - uses: shikanime-studio/setup-nix-action@v1 + with: + github-token: ${{ steps.createGithubAppToken.outputs.token }} + - uses: shikanime-studio/direnv-action@v2 + - run: nix flake check --accept-flake-config --all-systems --no-pure-eval - env: GITHUB_TOKEN: ${{ steps.createGithubAppToken.outputs.token }} - PR_BASE_REF: ${{ github.event.pull_request.base.ref }} - PR_HEAD_REF: ${{ github.event.pull_request.head.ref }} - REPO: ${{ github.repository }} - if: "!contains(github.event.pull_request.labels.*.name, 'ghstack')" - run: git push origin --delete $PR_HEAD_REF - - env: - GITHUB_TOKEN: ${{ steps.createGithubAppToken.outputs.token }} - PR_BASE_REF: ${{ github.event.pull_request.base.ref }} - PR_HEAD_REF: ${{ github.event.pull_request.head.ref }} - REPO: ${{ github.repository }} - if: contains(github.event.pull_request.labels.*.name, 'ghstack') - run: - "for role in base head orig; do\n git push origin --delete \"${PR_HEAD_REF%/head}/$role\"\ - \ || true\ndone\n" + PR_HTML_URL: ${{ github.event.issue.pull_request.html_url }} + if: + contains(github.event.pull_request.labels.*.name, 'dependencies') && contains(github.event.issue.labels.*.name, + 'ghstack') + run: nix run nixpkgs#sapling -- ghstack land "$PR_HTML_URL" labels: if: github.event.action == 'opened' runs-on: ubuntu-latest @@ -55,12 +52,9 @@ jobs: startsWith(github.event.pull_request.head.ref, 'gh/') && !endsWith(github.event.pull_request.head.ref, '/head') run: gh pr edit "$PR_NUMBER" --add-label ghstack -name: Triage +name: Integration "on": - check_suite: - types: - - completed pull_request: - types: - - closed - - opened + branches: + - main + - gh/*/*/base diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml deleted file mode 100644 index 179efb9..0000000 --- a/.github/workflows/pull_request.yaml +++ /dev/null @@ -1,47 +0,0 @@ -jobs: - check: - runs-on: ubuntu-latest - steps: - - id: createGithubAppToken - uses: actions/create-github-app-token@v2 - with: - app-id: ${{ vars.OPERATOR_APP_ID }} - private-key: ${{ secrets.OPERATOR_PRIVATE_KEY }} - - uses: actions/checkout@v6 - with: - fetch-depth: 0 - token: ${{ steps.createGithubAppToken.outputs.token }} - - uses: shikanime-studio/setup-nix-action@v1 - with: - github-token: ${{ steps.createGithubAppToken.outputs.token }} - - uses: shikanime-studio/direnv-action@v2 - - run: nix flake check --accept-flake-config --all-systems --no-pure-eval - merge: - if: contains(github.event.pull_request.labels.*.name, 'dependencies') - needs: - - check - runs-on: ubuntu-latest - steps: - - id: createGithubAppToken - uses: actions/create-github-app-token@v2 - with: - app-id: ${{ vars.OPERATOR_APP_ID }} - private-key: ${{ secrets.OPERATOR_PRIVATE_KEY }} - - uses: actions/checkout@v6 - with: - fetch-depth: 0 - token: ${{ steps.createGithubAppToken.outputs.token }} - - uses: shikanime-studio/setup-nix-action@v1 - with: - github-token: ${{ steps.createGithubAppToken.outputs.token }} - - env: - GITHUB_TOKEN: ${{ steps.createGithubAppToken.outputs.token }} - PR_HTML_URL: ${{ github.event.issue.pull_request.html_url }} - if: contains(github.event.issue.labels.*.name, 'ghstack') - run: nix run nixpkgs#sapling -- ghstack land "$PR_HTML_URL" -name: Pull Request -"on": - pull_request: - branches: - - main - - gh/*/*/base diff --git a/modules/devenv/shikanime-studio.nix b/modules/devenv/shikanime-studio.nix index f63ce1d..be0d809 100644 --- a/modules/devenv/shikanime-studio.nix +++ b/modules/devenv/shikanime-studio.nix @@ -140,7 +140,7 @@ with lib; "push" "origin" "--delete" - "$PR_HEAD_REF" + ''"$PR_HEAD_REF"'' ]; }; @@ -236,12 +236,15 @@ with lib; }; }; - sapling-ghstack-merge = { + ghstack-merge = { env = { GITHUB_TOKEN = mkWorkflowRef "steps.createGithubAppToken.outputs.token"; PR_HTML_URL = mkWorkflowRef "github.event.issue.pull_request.html_url"; }; - "if" = "contains(github.event.issue.labels.*.name, 'ghstack')"; + "if" = concatStringsSep " && " [ + "contains(github.event.pull_request.labels.*.name, 'dependencies')" + "contains(github.event.issue.labels.*.name, 'ghstack')" + ]; run = mkWorkflowRun [ "nix" "run" @@ -315,35 +318,35 @@ with lib; }; }; - pull_request = { + integration = { enable = mkDefault true; settings = { - name = "Pull Request"; + name = "Integration"; on.pull_request.branches = [ "main" "gh/*/*/base" ]; jobs = { - check = { + labels = { + "if" = "github.event.action == 'opened'"; runs-on = "ubuntu-latest"; steps = with config.github.actions; [ create-github-app-token checkout - setup-nix - direnv - nix-flake-check + add-dependencies-labels + add-ghstack-labels ]; }; - - merge = { - "if" = "contains(github.event.pull_request.labels.*.name, 'dependencies')"; - needs = [ "check" ]; + integration = { + needs = [ "labels" ]; runs-on = "ubuntu-latest"; steps = with config.github.actions; [ create-github-app-token checkout setup-nix - sapling-ghstack-merge + direnv + nix-flake-check + ghstack-merge ]; }; }; @@ -380,39 +383,24 @@ with lib; }; }; - triage = { + cleanup = { enable = mkDefault true; settings = { - name = "Triage"; + name = "Cleanup"; on = { pull_request.types = [ "closed" - "opened" ]; check_suite.types = [ "completed" ]; }; - jobs = { - labels = { - "if" = "github.event.action == 'opened'"; - runs-on = "ubuntu-latest"; - steps = with config.github.actions; [ - create-github-app-token - checkout - add-dependencies-labels - add-ghstack-labels - ]; - }; - - cleanup = { - "if" = "github.event.action == 'closed'"; - runs-on = "ubuntu-latest"; - steps = with config.github.actions; [ - create-github-app-token - checkout - cleanup-pr - cleanup-ghstack - ]; - }; + jobs.cleanup = { + runs-on = "ubuntu-latest"; + steps = with config.github.actions; [ + create-github-app-token + checkout + cleanup-pr + cleanup-ghstack + ]; }; }; }; From ea7ce6d4c30199a3ede089dcc8f55bf1bf0efc14 Mon Sep 17 00:00:00 2001 From: William Phetsinorath Date: Fri, 28 Nov 2025 18:30:27 +0100 Subject: [PATCH 5/9] None on "Add auto merge workflow" [ghstack-poisoned] --- .github/workflows/integration.yaml | 40 +++++++++++++---- modules/devenv/shikanime-studio.nix | 70 ++++++++++++++++++++--------- 2 files changed, 81 insertions(+), 29 deletions(-) diff --git a/.github/workflows/integration.yaml b/.github/workflows/integration.yaml index db61602..3882f88 100644 --- a/.github/workflows/integration.yaml +++ b/.github/workflows/integration.yaml @@ -1,5 +1,5 @@ jobs: - integration: + check: needs: - labels runs-on: ubuntu-latest @@ -18,13 +18,6 @@ jobs: github-token: ${{ steps.createGithubAppToken.outputs.token }} - uses: shikanime-studio/direnv-action@v2 - run: nix flake check --accept-flake-config --all-systems --no-pure-eval - - env: - GITHUB_TOKEN: ${{ steps.createGithubAppToken.outputs.token }} - PR_HTML_URL: ${{ github.event.issue.pull_request.html_url }} - if: - contains(github.event.pull_request.labels.*.name, 'dependencies') && contains(github.event.issue.labels.*.name, - 'ghstack') - run: nix run nixpkgs#sapling -- ghstack land "$PR_HTML_URL" labels: if: github.event.action == 'opened' runs-on: ubuntu-latest @@ -52,6 +45,37 @@ jobs: startsWith(github.event.pull_request.head.ref, 'gh/') && !endsWith(github.event.pull_request.head.ref, '/head') run: gh pr edit "$PR_NUMBER" --add-label ghstack + merge: + needs: + - check + runs-on: ubuntu-latest + steps: + - id: createGithubAppToken + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ vars.OPERATOR_APP_ID }} + private-key: ${{ secrets.OPERATOR_PRIVATE_KEY }} + - uses: actions/checkout@v6 + with: + fetch-depth: 0 + token: ${{ steps.createGithubAppToken.outputs.token }} + - uses: shikanime-studio/setup-nix-action@v1 + with: + github-token: ${{ steps.createGithubAppToken.outputs.token }} + - env: + GITHUB_TOKEN: ${{ steps.createGithubAppToken.outputs.token }} + PR_HTML_URL: ${{ github.event.issue.pull_request.html_url }} + if: + contains(github.event.pull_request.labels.*.name, 'dependencies') && contains(github.event.issue.labels.*.name, + 'ghstack') + run: nix run nixpkgs#sapling -- ghstack land "$PR_HTML_URL" + - env: + GITHUB_TOKEN: ${{ steps.createGithubAppToken.outputs.token }} + PR_HTML_URL: ${{ github.event.issue.pull_request.html_url }} + if: + contains(github.event.pull_request.labels.*.name, 'dependencies') && !contains(github.event.issue.labels.*.name, + 'ghstack') + run: gh pr merge --auto "$PR_HTML_URL" name: Integration "on": pull_request: diff --git a/modules/devenv/shikanime-studio.nix b/modules/devenv/shikanime-studio.nix index be0d809..733470a 100644 --- a/modules/devenv/shikanime-studio.nix +++ b/modules/devenv/shikanime-studio.nix @@ -216,26 +216,6 @@ with lib; }; }; - nix-flake-check.run = mkWorkflowRun [ - "nix" - "flake" - "check" - "--accept-flake-config" - "--all-systems" - "--no-pure-eval" - ]; - - sapling = { - uses = "shikanime-studio/sapling-action@v5"; - "with" = { - github-token = mkWorkflowRef "steps.createGithubAppToken.outputs.token"; - gpg-passphrase = mkWorkflowRef "secrets.GPG_PASSPHRASE"; - gpg-private-key = mkWorkflowRef "secrets.GPG_PRIVATE_KEY"; - sign-commits = true; - username = "Operator 6O "; - }; - }; - ghstack-merge = { env = { GITHUB_TOKEN = mkWorkflowRef "steps.createGithubAppToken.outputs.token"; @@ -256,6 +236,44 @@ with lib; ]; }; + pr-merge = { + env = { + GITHUB_TOKEN = mkWorkflowRef "steps.createGithubAppToken.outputs.token"; + PR_HTML_URL = mkWorkflowRef "github.event.issue.pull_request.html_url"; + }; + "if" = concatStringsSep " && " [ + "contains(github.event.pull_request.labels.*.name, 'dependencies')" + "!contains(github.event.issue.labels.*.name, 'ghstack')" + ]; + run = mkWorkflowRun [ + "gh" + "pr" + "merge" + "--auto" + ''"$PR_HTML_URL"'' + ]; + }; + + nix-flake-check.run = mkWorkflowRun [ + "nix" + "flake" + "check" + "--accept-flake-config" + "--all-systems" + "--no-pure-eval" + ]; + + sapling = { + uses = "shikanime-studio/sapling-action@v5"; + "with" = { + github-token = mkWorkflowRef "steps.createGithubAppToken.outputs.token"; + gpg-passphrase = mkWorkflowRef "secrets.GPG_PASSPHRASE"; + gpg-private-key = mkWorkflowRef "secrets.GPG_PRIVATE_KEY"; + sign-commits = true; + username = "Operator 6O "; + }; + }; + setup-nix = { uses = "shikanime-studio/setup-nix-action@v1"; "with".github-token = mkWorkflowRef "steps.createGithubAppToken.outputs.token"; @@ -337,7 +355,7 @@ with lib; add-ghstack-labels ]; }; - integration = { + check = { needs = [ "labels" ]; runs-on = "ubuntu-latest"; steps = with config.github.actions; [ @@ -346,7 +364,17 @@ with lib; setup-nix direnv nix-flake-check + ]; + }; + merge = { + needs = [ "check" ]; + runs-on = "ubuntu-latest"; + steps = with config.github.actions; [ + create-github-app-token + checkout + setup-nix ghstack-merge + pr-merge ]; }; }; From 44742c7e3cb2d9b7fe4ba46af5909c0cc662683e Mon Sep 17 00:00:00 2001 From: William Phetsinorath Date: Fri, 28 Nov 2025 18:34:27 +0100 Subject: [PATCH 6/9] None on "Add auto merge workflow" [ghstack-poisoned] --- .github/workflows/integration.yaml | 1 - .github/workflows/push.yaml | 4 ---- modules/devenv/shikanime-studio.nix | 5 ----- 3 files changed, 10 deletions(-) diff --git a/.github/workflows/integration.yaml b/.github/workflows/integration.yaml index 3882f88..04fd875 100644 --- a/.github/workflows/integration.yaml +++ b/.github/workflows/integration.yaml @@ -19,7 +19,6 @@ jobs: - uses: shikanime-studio/direnv-action@v2 - run: nix flake check --accept-flake-config --all-systems --no-pure-eval labels: - if: github.event.action == 'opened' runs-on: ubuntu-latest steps: - id: createGithubAppToken diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml index b098c7f..b883f73 100644 --- a/.github/workflows/push.yaml +++ b/.github/workflows/push.yaml @@ -18,10 +18,6 @@ jobs: - run: nix flake check --accept-flake-config --all-systems --no-pure-eval name: Push "on": - pull_request: - branches: - - main - - gh/*/*/base push: branches: - main diff --git a/modules/devenv/shikanime-studio.nix b/modules/devenv/shikanime-studio.nix index 733470a..6994295 100644 --- a/modules/devenv/shikanime-studio.nix +++ b/modules/devenv/shikanime-studio.nix @@ -318,10 +318,6 @@ with lib; "main" "release-*" ]; - pull_request.branches = [ - "main" - "gh/*/*/base" - ]; }; jobs.check = { runs-on = "ubuntu-latest"; @@ -346,7 +342,6 @@ with lib; ]; jobs = { labels = { - "if" = "github.event.action == 'opened'"; runs-on = "ubuntu-latest"; steps = with config.github.actions; [ create-github-app-token From 5de9f79dc581f540262f9ac9791692cacbef909b Mon Sep 17 00:00:00 2001 From: William Phetsinorath Date: Fri, 28 Nov 2025 18:41:20 +0100 Subject: [PATCH 7/9] None on "Add auto merge workflow" [ghstack-poisoned] --- .github/workflows/cleanup.yaml | 12 ++++++------ .github/workflows/integration.yaml | 4 +--- modules/devenv/shikanime-studio.nix | 16 ++++++++-------- 3 files changed, 15 insertions(+), 17 deletions(-) diff --git a/.github/workflows/cleanup.yaml b/.github/workflows/cleanup.yaml index b16e3b3..14a5d49 100644 --- a/.github/workflows/cleanup.yaml +++ b/.github/workflows/cleanup.yaml @@ -12,20 +12,20 @@ jobs: fetch-depth: 0 token: ${{ steps.createGithubAppToken.outputs.token }} - env: + BASE_REF: ${{ github.base_ref }} GITHUB_TOKEN: ${{ steps.createGithubAppToken.outputs.token }} - PR_BASE_REF: ${{ github.event.pull_request.base.ref }} - PR_HEAD_REF: ${{ github.event.pull_request.head.ref }} + HEAD_REF: ${{ github.head_ref }} REPO: ${{ github.repository }} if: "!contains(github.event.pull_request.labels.*.name, 'ghstack')" - run: git push origin --delete "$PR_HEAD_REF" + run: git push origin --delete "$HEAD_REF" - env: + BASE_REF: ${{ github.base_ref }} GITHUB_TOKEN: ${{ steps.createGithubAppToken.outputs.token }} - PR_BASE_REF: ${{ github.event.pull_request.base.ref }} - PR_HEAD_REF: ${{ github.event.pull_request.head.ref }} + HEAD_REF: ${{ github.head_ref }} REPO: ${{ github.repository }} if: contains(github.event.pull_request.labels.*.name, 'ghstack') run: - "for role in base head orig; do\n git push origin --delete \"${PR_HEAD_REF%/head}/$role\"\ + "for role in base head orig; do\n git push origin --delete \"${HEAD_REF%/head}/$role\"\ \ || true\ndone\n" name: Cleanup "on": diff --git a/.github/workflows/integration.yaml b/.github/workflows/integration.yaml index 04fd875..2da47c5 100644 --- a/.github/workflows/integration.yaml +++ b/.github/workflows/integration.yaml @@ -40,9 +40,7 @@ jobs: - env: GITHUB_TOKEN: ${{ steps.createGithubAppToken.outputs.token }} PR_NUMBER: ${{ github.event.pull_request.number }} - if: - startsWith(github.event.pull_request.head.ref, 'gh/') && !endsWith(github.event.pull_request.head.ref, - '/head') + if: startsWith(github.head_ref, 'gh/') && !endsWith(github.head_ref, '/head') run: gh pr edit "$PR_NUMBER" --add-label ghstack merge: needs: diff --git a/modules/devenv/shikanime-studio.nix b/modules/devenv/shikanime-studio.nix index 6994295..b52037c 100644 --- a/modules/devenv/shikanime-studio.nix +++ b/modules/devenv/shikanime-studio.nix @@ -114,8 +114,8 @@ with lib; PR_NUMBER = mkWorkflowRef "github.event.pull_request.number"; }; "if" = concatStringsSep " && " [ - "startsWith(github.event.pull_request.head.ref, 'gh/')" - "!endsWith(github.event.pull_request.head.ref, '/head')" + "startsWith(github.head_ref, 'gh/')" + "!endsWith(github.head_ref, '/head')" ]; run = mkWorkflowRun [ "gh" @@ -130,8 +130,8 @@ with lib; cleanup-pr = { env = { GITHUB_TOKEN = mkWorkflowRef "steps.createGithubAppToken.outputs.token"; - PR_BASE_REF = mkWorkflowRef "github.event.pull_request.base.ref"; - PR_HEAD_REF = mkWorkflowRef "github.event.pull_request.head.ref"; + BASE_REF = mkWorkflowRef "github.base_ref"; + HEAD_REF = mkWorkflowRef "github.head_ref"; REPO = mkWorkflowRef "github.repository"; }; "if" = "!contains(github.event.pull_request.labels.*.name, 'ghstack')"; @@ -140,21 +140,21 @@ with lib; "push" "origin" "--delete" - ''"$PR_HEAD_REF"'' + ''"$HEAD_REF"'' ]; }; cleanup-ghstack = { env = { GITHUB_TOKEN = mkWorkflowRef "steps.createGithubAppToken.outputs.token"; - PR_BASE_REF = mkWorkflowRef "github.event.pull_request.base.ref"; - PR_HEAD_REF = mkWorkflowRef "github.event.pull_request.head.ref"; + BASE_REF = mkWorkflowRef "github.base_ref"; + HEAD_REF = mkWorkflowRef "github.head_ref"; REPO = mkWorkflowRef "github.repository"; }; "if" = "contains(github.event.pull_request.labels.*.name, 'ghstack')"; run = '' for role in base head orig; do - git push origin --delete "''${PR_HEAD_REF%/head}/$role" || true + git push origin --delete "''${HEAD_REF%/head}/$role" || true done ''; }; From eb166a06737962c70f7b94392fd3e8a5360eb060 Mon Sep 17 00:00:00 2001 From: William Phetsinorath Date: Fri, 28 Nov 2025 18:44:08 +0100 Subject: [PATCH 8/9] None on "Add auto merge workflow" [ghstack-poisoned] --- .github/workflows/integration.yaml | 53 ++++++++++++++++------------- modules/devenv/shikanime-studio.nix | 24 +++++++++++-- 2 files changed, 52 insertions(+), 25 deletions(-) diff --git a/.github/workflows/integration.yaml b/.github/workflows/integration.yaml index 2da47c5..62c4e50 100644 --- a/.github/workflows/integration.yaml +++ b/.github/workflows/integration.yaml @@ -1,7 +1,7 @@ jobs: check: needs: - - labels + - triage runs-on: ubuntu-latest steps: - id: createGithubAppToken @@ -18,7 +18,9 @@ jobs: github-token: ${{ steps.createGithubAppToken.outputs.token }} - uses: shikanime-studio/direnv-action@v2 - run: nix flake check --accept-flake-config --all-systems --no-pure-eval - labels: + merge: + needs: + - check runs-on: ubuntu-latest steps: - id: createGithubAppToken @@ -30,21 +32,24 @@ jobs: with: fetch-depth: 0 token: ${{ steps.createGithubAppToken.outputs.token }} + - uses: shikanime-studio/setup-nix-action@v1 + with: + github-token: ${{ steps.createGithubAppToken.outputs.token }} - env: GITHUB_TOKEN: ${{ steps.createGithubAppToken.outputs.token }} - PR_NUMBER: ${{ github.event.pull_request.number }} + PR_HTML_URL: ${{ github.event.issue.pull_request.html_url }} if: - github.event.pull_request.user.login == 'yorha-operator-6o[bot]' || github.event.pull_request.user.login - == 'dependabot[bot]' - run: gh pr edit "$PR_NUMBER" --add-label dependencies + contains(github.event.pull_request.labels.*.name, 'dependencies') && contains(github.event.issue.labels.*.name, + 'ghstack') + run: nix run nixpkgs#sapling -- ghstack land "$PR_HTML_URL" - env: GITHUB_TOKEN: ${{ steps.createGithubAppToken.outputs.token }} - PR_NUMBER: ${{ github.event.pull_request.number }} - if: startsWith(github.head_ref, 'gh/') && !endsWith(github.head_ref, '/head') - run: gh pr edit "$PR_NUMBER" --add-label ghstack - merge: - needs: - - check + PR_HTML_URL: ${{ github.event.issue.pull_request.html_url }} + if: + contains(github.event.pull_request.labels.*.name, 'dependencies') && !contains(github.event.issue.labels.*.name, + 'ghstack') + run: gh pr merge --auto "$PR_HTML_URL" + triage: runs-on: ubuntu-latest steps: - id: createGithubAppToken @@ -56,23 +61,25 @@ jobs: with: fetch-depth: 0 token: ${{ steps.createGithubAppToken.outputs.token }} - - uses: shikanime-studio/setup-nix-action@v1 - with: - github-token: ${{ steps.createGithubAppToken.outputs.token }} - env: GITHUB_TOKEN: ${{ steps.createGithubAppToken.outputs.token }} - PR_HTML_URL: ${{ github.event.issue.pull_request.html_url }} + PR_NUMBER: ${{ github.event.pull_request.number }} if: - contains(github.event.pull_request.labels.*.name, 'dependencies') && contains(github.event.issue.labels.*.name, - 'ghstack') - run: nix run nixpkgs#sapling -- ghstack land "$PR_HTML_URL" + github.event.pull_request.user.login == 'yorha-operator-6o[bot]' || github.event.pull_request.user.login + == 'dependabot[bot]' + run: gh pr edit "$PR_NUMBER" --assignee @yorha-operator-6o - env: GITHUB_TOKEN: ${{ steps.createGithubAppToken.outputs.token }} - PR_HTML_URL: ${{ github.event.issue.pull_request.html_url }} + PR_NUMBER: ${{ github.event.pull_request.number }} if: - contains(github.event.pull_request.labels.*.name, 'dependencies') && !contains(github.event.issue.labels.*.name, - 'ghstack') - run: gh pr merge --auto "$PR_HTML_URL" + github.event.pull_request.user.login == 'yorha-operator-6o[bot]' || github.event.pull_request.user.login + == 'dependabot[bot]' + run: gh pr edit "$PR_NUMBER" --add-label dependencies + - env: + GITHUB_TOKEN: ${{ steps.createGithubAppToken.outputs.token }} + PR_NUMBER: ${{ github.event.pull_request.number }} + if: startsWith(github.head_ref, 'gh/') && !endsWith(github.head_ref, '/head') + run: gh pr edit "$PR_NUMBER" --add-label ghstack name: Integration "on": pull_request: diff --git a/modules/devenv/shikanime-studio.nix b/modules/devenv/shikanime-studio.nix index b52037c..c600437 100644 --- a/modules/devenv/shikanime-studio.nix +++ b/modules/devenv/shikanime-studio.nix @@ -89,6 +89,25 @@ with lib; enable = mkDefault true; actions = with config.github.lib; { + assign-pr = { + env = { + GITHUB_TOKEN = mkWorkflowRef "steps.createGithubAppToken.outputs.token"; + PR_NUMBER = mkWorkflowRef "github.event.pull_request.number"; + }; + "if" = concatStringsSep " || " [ + "github.event.pull_request.user.login == 'yorha-operator-6o[bot]'" + "github.event.pull_request.user.login == 'dependabot[bot]'" + ]; + run = mkWorkflowRun [ + "gh" + "pr" + "edit" + ''"$PR_NUMBER"'' + "--assignee" + "@yorha-operator-6o" + ]; + }; + add-dependencies-labels = { env = { GITHUB_TOKEN = mkWorkflowRef "steps.createGithubAppToken.outputs.token"; @@ -341,17 +360,18 @@ with lib; "gh/*/*/base" ]; jobs = { - labels = { + triage = { runs-on = "ubuntu-latest"; steps = with config.github.actions; [ create-github-app-token checkout + assign-pr add-dependencies-labels add-ghstack-labels ]; }; check = { - needs = [ "labels" ]; + needs = [ "triage" ]; runs-on = "ubuntu-latest"; steps = with config.github.actions; [ create-github-app-token From 622b2e819e6c06b93dff7fb6dc17f22e9041b718 Mon Sep 17 00:00:00 2001 From: William Phetsinorath Date: Fri, 28 Nov 2025 18:45:12 +0100 Subject: [PATCH 9/9] None on "Add auto merge workflow" [ghstack-poisoned] --- .github/workflows/integration.yaml | 2 +- modules/devenv/shikanime-studio.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/integration.yaml b/.github/workflows/integration.yaml index 62c4e50..5fc47a0 100644 --- a/.github/workflows/integration.yaml +++ b/.github/workflows/integration.yaml @@ -78,7 +78,7 @@ jobs: - env: GITHUB_TOKEN: ${{ steps.createGithubAppToken.outputs.token }} PR_NUMBER: ${{ github.event.pull_request.number }} - if: startsWith(github.head_ref, 'gh/') && !endsWith(github.head_ref, '/head') + if: startsWith(github.head_ref, 'gh/') && endsWith(github.head_ref, '/head') run: gh pr edit "$PR_NUMBER" --add-label ghstack name: Integration "on": diff --git a/modules/devenv/shikanime-studio.nix b/modules/devenv/shikanime-studio.nix index c600437..26eac26 100644 --- a/modules/devenv/shikanime-studio.nix +++ b/modules/devenv/shikanime-studio.nix @@ -134,7 +134,7 @@ with lib; }; "if" = concatStringsSep " && " [ "startsWith(github.head_ref, 'gh/')" - "!endsWith(github.head_ref, '/head')" + "endsWith(github.head_ref, '/head')" ]; run = mkWorkflowRun [ "gh"