{"id":13648162,"url":"https://github.com/Mic92/nixpkgs-review","last_synced_at":"2025-04-22T07:30:46.898Z","repository":{"id":39667723,"uuid":"125632049","full_name":"Mic92/nixpkgs-review","owner":"Mic92","description":"Review pull-requests on https://github.com/NixOS/nixpkgs","archived":false,"fork":false,"pushed_at":"2025-04-09T04:37:17.000Z","size":762,"stargazers_count":479,"open_issues_count":80,"forks_count":71,"subscribers_count":11,"default_branch":"master","last_synced_at":"2025-04-14T22:17:59.840Z","etag":null,"topics":["hacktoberfest"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Mic92.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2018-03-17T13:30:00.000Z","updated_at":"2025-04-11T13:47:45.000Z","dependencies_parsed_at":"2023-10-19T22:53:35.164Z","dependency_job_id":"cd0b489e-ca03-4461-9944-3aaf043d9998","html_url":"https://github.com/Mic92/nixpkgs-review","commit_stats":{"total_commits":503,"total_committers":53,"mean_commits":9.49056603773585,"dds":"0.42345924453280315","last_synced_commit":"907925df227584ae4c0eb38db51fd23fe495d276"},"previous_names":[],"tags_count":60,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mic92%2Fnixpkgs-review","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mic92%2Fnixpkgs-review/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mic92%2Fnixpkgs-review/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mic92%2Fnixpkgs-review/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Mic92","download_url":"https://codeload.github.com/Mic92/nixpkgs-review/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250195033,"owners_count":21390230,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacktoberfest"],"created_at":"2024-08-02T01:04:01.185Z","updated_at":"2025-04-22T07:30:46.885Z","avatar_url":"https://github.com/Mic92.png","language":"Python","funding_links":[],"categories":["Python","Development","hacktoberfest"],"sub_categories":["Discovery"],"readme":"# nixpkgs-review\n\n![Build Status](https://github.com/Mic92/nixpkgs-review/workflows/Test/badge.svg)\n\nReview pull-requests on https://github.com/NixOS/nixpkgs. nixpkgs-review\nautomatically builds packages changed in the pull requests.\n\n## Features\n\n- [ofborg](https://github.com/NixOS/ofborg) support: reuses evaluation output of\n  CI to skip local evaluation, but also falls back if ofborg is not finished\n- provides a `nix-shell` with all packages that did not fail to build\n- remote builder support\n- allows to build a subset of packages (great for mass-rebuilds)\n- allow to build nixos tests\n- markdown reports\n- GitHub integration:\n  - post PR comments with results\n  - approve or merge PRs (the last one requires maintainer permission)\n  - show PR comments/reviews\n- logs per built or failed package\n- symlinks built packages to result directory for inspection\n\n## Installation\n\n`nixpkgs-review` is included in nixpkgs.\n\nTo use it without installing it, use:\n\n```console\n$ nix run 'nixpkgs#nixpkgs-review'\n```\n\nTo run it from the git repository:\n\n```console\n$ nix-build\n$ ./result/bin/nixpkgs-review\n```\n\n### Development Environment\n\nFor IDEs:\n\n```console\n$ nix-build -A env -o .venv\n```\n\nor just use:\n\n```console\n./bin/nixpkgs-review\n```\n\n## Usage\n\nFirst, change to your local nixpkgs repository directory, i.e.:\n\n```console\ncd ~/git/nixpkgs\n```\n\nNote that your local checkout git will not be affected by `nixpkgs-review`,\nsince it will use [git-worktree](https://git-scm.com/docs/git-worktree) to\nperform fast checkouts.\n\nThen run `nixpkgs-review` by providing the pull request number…\n\n```console\n$ nixpkgs-review pr 37242\n```\n\n…or the full pull request URL:\n\n```console\n$ nixpkgs-review pr https://github.com/NixOS/nixpkgs/pull/37242\n```\n\nThe output will then look as follows:\n\n```console\n$ git fetch --force https://github.com/NixOS/nixpkgs pull/37242/head:refs/nixpkgs-review/0\n$ git worktree add /home/joerg/git/nixpkgs/.review/pr-37242 1cb9f643480612696de93fb2f2a2f3340d0e3156\nPreparing /home/joerg/git/nixpkgs/.review/pr-37242 (identifier pr-37242)\nChecking out files: 100% (14825/14825), done.\nHEAD is now at 1cb9f643480 redis: 4.0.7 -\u003e 4.0.8\nBuilding in /tmp/nox-review-4ml2epyy: redis\n$ nix-build --no-out-link --keep-going --max-jobs 4 --option build-use-sandbox true \u003cnixpkgs\u003e -A redis\n/nix/store/jbp7m1gshmk8an8sb14glwijgw1chvvq-redis-4.0.8\n$ nix-shell -p redis\n[nix-shell:~/git/nixpkgs]$ /nix/store/jbp7m1gshmk8an8sb14glwijgw1chvvq-redis-4.0.8/bin/redis-cli --version\nredis-cli 4.0.8\n```\n\nTo review a local commit without pull request, use the following command:\n\n```console\n$ nixpkgs-review rev HEAD\n```\n\nInstead of `HEAD` a commit or branch can also be given.\n\nTo review uncommitted changes, use the following command:\n\n```console\n$ nixpkgs-review wip\n```\n\nStaged changes can be reviewed like this:\n\n```console\n$ nixpkgs-review wip --staged\n```\n\nIf you'd like to post the `nixpkgs-review` results as a formatted PR comment,\npass the `--post-result` flag:\n\n```console\n$ nixpkgs-review pr --post-result 37242\n```\n\nInstead of posting a PR comment, nixpkgs-review can also print the report to the\nterminal using the `--print-result` flag. This flag will work for the `rev` and\n`wip` command..\n\n```console\n$ nixpkgs-review pr --print-result 37242\n```\n\nOften, after reviewing a diff on a pull request, you may want to say \"This diff\nlooks good to me, approve/merge it provided that there are no package build\nfailures\". To do so, run the following subcommands from within the nix-shell\nprovided by nixpkgs-review.\n\n```console\n$ nixpkgs-review pr 37242\nnix-shell\u003e nixpkgs-review approve\n# Or, if you have maintainer access and would like to merge (provided no build failures):\nnix-shell\u003e nixpkgs-review merge\n# It is also possible to upload the result report from here\nnix-shell\u003e nixpkgs-review post-result\n# Review-comments can also be shown\nnix-shell\u003e nixpkgs-review comments\n```\n\n`nixpkgs-review` will by default use\n[nix-output-monitor](https://github.com/maralorn/nix-output-monitor) if found in\n`$PATH`. If you have `nom` installed but don't want to use it, you can pass\n`nix` to `--build-graph` to use `nix build` instead of `nom build`.\n\nSome pull requests may require configuration for nixpkgs to test out. You can\nuse the `--extra-nixpkgs-config` flag to supply extra configuration for nixpkgs.\n\n```console\n$ nixpkgs-review pr 37242 --extra-nixpkgs-config '{ cudaSupport = true; }'\n```\n\n## Using nixpkgs-review in scripts or other programs\n\nAfter building, `nixpkgs-review` will normally start a `nix-shell` with the\npackages built, to allow for interactive testing. To use `nixpkgs-review`\nnon-interactively in scripts, use the `--no-shell` command, which can allow for\nbatch processing of multiple reviews or use in scripts/bots.\n\nExample testing multiple unrelated PRs and posting the build results as PR\ncomments for later review:\n\n```bash\nfor pr in 807{60..70}; do\n    nixpkgs-review pr --no-shell --post-result $pr \u0026\u0026 echo \"PR $pr succeeded\" || echo \"PR $pr failed\"\ndone\n```\n\n`nixpkgs-review` also accepts a `--run` flag that allows to run a custom command\ninside the nix-shell instead of an interactive session:\n\n```console\n$ nixpkgs-review pr --run --systems all 'jq \u003c report.json' 340297\n# ...\n{\n  \"checkout\": \"merge\",\n  \"extra-nixpkgs-config\": null,\n  \"pr\": 340297,\n  \"result\": {\n    \"aarch64-linux\": {\n      \"blacklisted\": [],\n      \"broken\": [],\n      \"built\": [\n        \"forecast\"\n      ],\n      \"failed\": [],\n      \"non-existent\": [],\n      \"tests\": []\n    },\n    \"x86_64-linux\": {\n      \"blacklisted\": [],\n      \"broken\": [],\n      \"built\": [\n        \"forecast\"\n      ],\n      \"failed\": [],\n      \"non-existent\": [],\n      \"tests\": []\n    }\n  },\n  \"systems\": [\n    \"x86_64-linux\",\n    \"aarch64-linux\"\n  ]\n}\n```\n\n## Review multiple pull requests at once\n\nnixpkgs-review accept multiple pull request numbers at once:\n\n```console\n$ nixpkgs-review pr 94524 94494 94522 94493 94520\n```\n\nThis will first evaluate \u0026 build all pull requests in serial. Then a nix-shell\nwill be opened for each of them after the previous shell has been closed.\n\nTip: Since it's hard to keep track of the numbers, for each opened shell the\ncorresponding pull request URL is shown.\n\n## Remote builder\n\nNixpkgs-review will pass all arguments given in `--build-arg` to `nix-build`:\n\n```console\n$ nixpkgs-review pr --build-args=\"--builders 'ssh://joerg@10.243.29.170'\" 37244\n```\n\nAs an alternative, one can also specify remote builder as usual in\n`/etc/nix/machines` or via the `nix.buildMachines` nixos options in\n`configuration.nix`. This allows to parallelize builds across multiple machines.\n\n## GitHub API token\n\n**Nixpkgs-review** requires a GitHub token to use cached evaluation results from\nGitHub and for certain commands (e.g., `post-result` or `merge`). Even for\nread-only operations, GitHub returns 403 error messages if your IP exceeds the\nrate limit for unauthenticated requests.\n\n**Automatic Token Usage** Nixpkgs-review will automatically use a GitHub token\ngenerated by [gh](https://cli.github.com/) (if installed). To set this up, run\n`gh auth login` once to log in.\n\n**Manual Token Creation** If you prefer to create a token manually, generate a\n\"Personal Access Token (Classic)\" through GitHub's website. Refer to\n[GitHub's documentation](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens)\nfor detailed instructions. For posting generated reports, ensure the token is\ngranted the `public_repo` scope.\n\n**Supplying the Token** You can provide your token to Nixpkgs-review using\neither the `GITHUB_TOKEN` environment variable or the `--token` parameter of the\n`pr` subcommand. Examples:\n\n```console\n$ GITHUB_TOKEN=ghp_WAI7vpi9wVHbxPOA185NwWvaMawDuCnMGc3E nixpkgs-review pr 37244 --post-result\n$ nixpkgs-review pr 37244 --token ghp_WAI7vpi9wVHbxPOA185NwWvaMawDuCnMGc3E --post-result\n```\n\n## Checkout strategy (recommend for r-ryantm + cachix)\n\nBy default, `nixpkgs-review pr` will merge the pull request into the pull\nrequest's target branch (most commonly master). However, at times\nmass-rebuilding commits have been applied in the target branch, but not yet\nbuilt by hydra. Often those are not relevant for the current review, but will\nsignificantly increase the local build time. For this case, the `--checkout`\noption can be specified to override the default behavior (`merge`). By setting\nits value to `commit`, `nixpkgs-review` will checkout the user's pull request\nbranch without merging it:\n\n```console\n$ nixpkgs-review pr --checkout commit 44534\n```\n\n## Only building a subset of packages\n\nTo build only certain packages, use the `--package` (or `-p`) flag.\n\n```console\n$ nixpkgs-review pr -p openjpeg -p ImageMagick 49262\n```\n\nThere is also the `--package-regex` option that takes a regular expression to\nmatch against the attribute name.\n\n```console\n# build only linux kernels but not the packages\n$ nixpkgs-review pr --package-regex 'linux_' 51292\n```\n\nTo skip building certain packages, use the `--skip-package` (or `-P`) flag.\n\n```console\n$ nixpkgs-review pr -P ImageMagick 49262\n```\n\nThere is also the `--skip-package-regex` option that takes a regular expression\nto match against the attribute name. Unlike the `--package-regex` option, a full\nmatch is required, which means you probably want to work with `.*` or `\\w+`.\n\n```console\n# skip building linux kernels but not the packages\n$ nixpkgs-review pr --skip-package-regex 'linux_.*' 51292\n```\n\n`-p`, `-P`, `--package-regex` and `--skip-package-regex` can be used together,\nin which case the matching packages will be merged.\n\nFull documentation for regex matching syntax can be found\n[here](https://docs.python.org/3/library/re.html#regular-expression-syntax).\n\n## Running tests\n\nNixOS tests can be run by using the `--package` feature and our `nixosTests`\nattribute set:\n\n```console\n$ nixpkgs-review pr -p nixosTests.ferm 47077\n```\n\n## Ignoring ofborg evaluations\n\nBy default, nixpkgs-review will use ofborg's evaluation result if available to\nfigure out what packages need to be rebuilt. This can be turned off using\n`--eval local`, which is useful if ofborg's evaluation result is outdated. Even\nif using `--eval ofborg`, nixpkgs-review will fall back to local evaluation if\nofborg's result is not (yet) available.\n\n## Review changes in personal forks\n\nBoth the `rev` and the `wip` subcommand support a `--remote` argument to\noverwrite the upstream repository URL (defaults to\n`https://github.com/NixOS/nixpkgs`). The following example will use\n`mayflower`'s nixpkgs fork to fetch the branch where the changes will be merged\ninto:\n\n```console\n$ nixpkgs-review --remote https://github.com/mayflower/nixpkgs wip\n```\n\nNote that this has been not yet implemented for pull requests, i.e., `pr`\nsubcommand.\n\n## Review changes for other operating systems/architectures\n\nThe `--systems` flag allows setting a system different from the current one.\nNote that the result nix-shell may not be able to execute all hooks correctly\nsince the architecture/operating system mismatches.\n\nBy default, `nixpkgs-review` targets only the current system\n(`--systems current`). You can also explicitly provide one or several systems to\ntarget (`--systems \"x86_64-linux aarch64-darwin\"`). We also provide aliases for\nthe flag:\n\n| Alias                                                | Transforms to                                             |\n| ---------------------------------------------------- | --------------------------------------------------------- |\n| `current`                                            | Your current system                                       |\n| `all`                                                | `aarch64-darwin aarch64-linux x86_64-darwin x86_64-linux` |\n| `linux`                                              | `aarch64-linux x86_64-linux`                              |\n| `darwin`, `macos`                                    | `aarch64-darwin x86_64-darwin`                            |\n| `x64`, `x86`, `x86_64`, `x86-64`, `x64_86`, `x64-86` | `x86_64-darwin x86_64-linux`                              |\n| `aarch64`, `arm64`                                   | `aarch64-darwin aarch64-linux`                            |\n\nEnsure that your system is capable of building for the specified architectures,\neither locally or through the remote builder protocol.\n\n```console\n$ nixpkgs-review pr --system aarch64-linux 98734\n```\n\n## Review changes inside sandbox [EXPERIMENTAL]\n\nThe `--sandbox` flag setups a sandbox using\n[bubblewrap](https://github.com/containers/bubblewrap). This is the same tool\nused by Flatpak and OSTree, and offers an unprivileged sandbox based on user\nnamespaces.\n\nKeep in mind that `--sandbox` flag is not necessary tuned for privacy or\nsecurity. Instead, it uses a pretty lax sandbox where it is possible to leak\ndata sensitive by environment variables or stateful filesystems (like `/run`).\nThe reason for this is because many packages would break otherwise, and this\nwould make this flag useless for review purposes.\n\nThe objective of `--sandbox` is to protect your system against accidental\nmodification and to offer a clean(ish) system state where packages can be\ntested. For example, it mounts a `tmpfs` in-place of your `HOME` directory,\navoiding situations where a dirty configuration on your `HOME` directory can\nlead to a broken package during testing. It also protects your `HOME` and system\nagainst undesired files created during package testing.\n\nThis flag is still in an experimental stage. Please note that it isn't\nexhaustive tested against nixpkgs, so some packages may break under it. Before\ndisapproving a PR because the program is broken under the sandbox, try without\nthis flag first to make sure that the issue is not the sandbox. If the issue is\ncaused because of the sandbox, please open an issue including the PR number in\nnixpkgs so we can try to fix this issue.\n\n```console\n$ nix-shell -p bubblewrap # or install it using NixOS/Home-Manager/etc.\n$ nixpkgs-review pr --sandbox 98734\n```\n\n## Roadmap\n\n- [ ] test backports\n- [ ] show pull request description + diff during review\n\n## Run tests\n\nTo run tests use:\n\n```console\n$ pytest\n```\n\nWe also use python3's type hints. To check them, use `mypy`:\n\n```console\n$ mypy nixpkgs_review\n```\n\n## Maintainers\n\nThe following persons have commit access to this repo:\n\n- [Artturin](https://github.com/Artturin)\n- [GaetanLepage](https://github.com/GaetanLepage)\n- [Mic92](https://github.com/Mic92)\n- [SuperSandro2000](https://github.com/SuperSandro2000)\n\n## Related projects:\n\n- [nox-review](https://github.com/madjar/nox):\n  - works but is as slow as a snail: the checkout process of nox-review is slow\n    since it requires multiple git fetches. Also it cannot make use of ofborg's\n    evaluation\n  - it only builds all packages without providing a `nix-shell` for review\n- [niff](https://github.com/FRidh/niff):\n  - only provides a list of packages that have changed, but does not build\n    packages\n  - also needs to evaluate changed attributes locally instead of using ofborg\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FMic92%2Fnixpkgs-review","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FMic92%2Fnixpkgs-review","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FMic92%2Fnixpkgs-review/lists"}