From 34fcb0feff9d0cdfb7aba2429b0fa08948e7b345 Mon Sep 17 00:00:00 2001 From: Terje Larsen Date: Sat, 4 Apr 2026 08:24:30 +0200 Subject: [PATCH 1/2] feat: configurable checkout action --- module/README.md | 26 +++++++++++ module/interface.nix | 7 +++ module/jobs/github-actions/default.nix | 3 +- module/jobs/job/github-actions.nix | 4 +- module/tests/github-actions/job.nix | 60 ++++++++++++++++++++++++++ 5 files changed, 97 insertions(+), 3 deletions(-) diff --git a/module/README.md b/module/README.md index 6292b37..c916902 100644 --- a/module/README.md +++ b/module/README.md @@ -579,6 +579,32 @@ list of string +## pipeline\.github-actions\.checkoutAction + + + +The default checkout action to use for jobs + + + +*Type:* +string + + + +*Default:* +` "actions/checkout@v6" ` + + + +*Example:* +` "actions/checkout@v5" ` + +*Declared by:* + - [interface\.nix](interface.nix) + + + ## pipeline\.github-actions\.defaultRunsOn diff --git a/module/interface.nix b/module/interface.nix index bf87473..5cfd164 100644 --- a/module/interface.nix +++ b/module/interface.nix @@ -69,6 +69,13 @@ in description = "A function to transform job names"; }; + checkoutAction = lib.mkOption { + type = types.str; + default = "actions/checkout@v4"; + description = "The default checkout action to use for jobs"; + example = "actions/checkout@v5"; + }; + file = lib.mkOption { internal = true; type = types.package; diff --git a/module/jobs/github-actions/default.nix b/module/jobs/github-actions/default.nix index 1028ab6..e947f03 100644 --- a/module/jobs/github-actions/default.nix +++ b/module/jobs/github-actions/default.nix @@ -1,6 +1,7 @@ { lib, config, ... }: let + inherit (config.pipeline.github-actions) checkoutAction; enabledJobs = lib.filterAttrs (_: builtins.getAttr "enable") config.jobs; changes = lib.pipe enabledJobs [ @@ -17,7 +18,7 @@ in outputs.changes = "\${{ steps.diff.outputs.changes }}"; runs-on = config.pipeline.github-actions.defaultRunsOn; steps = [ - { uses = "actions/checkout@v4"; } + { uses = checkoutAction; } { id = "diff"; shell = "bash"; diff --git a/module/jobs/job/github-actions.nix b/module/jobs/job/github-actions.nix index f47d023..39c4bc8 100644 --- a/module/jobs/job/github-actions.nix +++ b/module/jobs/job/github-actions.nix @@ -8,7 +8,7 @@ let inherit (rootConfig) jobs; - inherit (rootConfig.pipeline.github-actions) defaultRunsOn transformJobName; + inherit (rootConfig.pipeline.github-actions) defaultRunsOn transformJobName checkoutAction; needs = lib.pipe config.needs [ (builtins.filter (need: jobs.${need.job}.enable)) @@ -24,7 +24,7 @@ in runs-on = lib.mkIf (defaultRunsOn != null) (lib.mkDefault defaultRunsOn); steps = lib.mkMerge [ - (lib.mkIf config.checkout (lib.mkBefore [ { uses = "actions/checkout@v4"; } ])) + (lib.mkIf config.checkout (lib.mkBefore [ { uses = checkoutAction; } ])) (lib.mkAfter (map (command: { run = command; }) config.commands)) ]; } diff --git a/module/tests/github-actions/job.nix b/module/tests/github-actions/job.nix index 61572fe..79ebb82 100644 --- a/module/tests/github-actions/job.nix +++ b/module/tests/github-actions/job.nix @@ -170,4 +170,64 @@ }; }; }; + + test-github-actions-job-custom-checkout-action = { + expr = test-lib.eval-github-actions { + pipeline.github-actions.defaultRunsOn = "ubuntu-latest"; + pipeline.github-actions.checkoutAction = "actions/checkout@v5"; + jobs.job1 = { + checkout = true; + commands = [ "echo hello" ]; + }; + }; + expected = { + jobs.job1 = { + runs-on = "ubuntu-latest"; + steps = [ + { uses = "actions/checkout@v5"; } + { run = "echo hello"; } + ]; + }; + }; + }; + + test-github-actions-changes-job-uses-custom-checkout-action = { + expr = test-lib.eval-github-actions { + pipeline.github-actions.defaultRunsOn = "ubuntu-latest"; + pipeline.github-actions.checkoutAction = "actions/checkout@v5"; + jobs = { + job-a = { + branches.default = { + changes.paths = [ "src/**" ]; + triggers.onMergeRequest = true; + }; + }; + }; + }; + expected = { + jobs = { + changes = { + outputs.changes = "\${{ steps.diff.outputs.changes }}"; + runs-on = "ubuntu-latest"; + steps = [ + { uses = "actions/checkout@v5"; } + { + id = "diff"; + shell = "bash"; + env.PATHS = "job-a:src/**"; + run = builtins.readFile ../../jobs/github-actions/diff-script; + } + ]; + }; + job-a = { + needs = [ "changes" ]; + "if" = ''''${{ fromJSON(needs.changes.outputs.changes)['job-a'] == true }}''; + runs-on = "ubuntu-latest"; + steps = [ + { uses = "actions/checkout@v5"; } + ]; + }; + }; + }; + }; } From 42e9cf3b754c1ee0324b1f110c86f3dc32123c8e Mon Sep 17 00:00:00 2001 From: Terje Larsen Date: Sat, 4 Apr 2026 08:26:38 +0200 Subject: [PATCH 2/2] chore: bump actions/checkout to v6 --- .github/workflows/ci.yaml | 2 +- module/interface.nix | 2 +- module/tests/github-actions/job.nix | 26 +++++++++++++------------- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 93fb0fe..e1edae0 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -2,7 +2,7 @@ jobs: check: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: cachix/install-nix-action@v31 with: extra_nix_config: | diff --git a/module/interface.nix b/module/interface.nix index 5cfd164..e4819c8 100644 --- a/module/interface.nix +++ b/module/interface.nix @@ -71,7 +71,7 @@ in checkoutAction = lib.mkOption { type = types.str; - default = "actions/checkout@v4"; + default = "actions/checkout@v6"; description = "The default checkout action to use for jobs"; example = "actions/checkout@v5"; }; diff --git a/module/tests/github-actions/job.nix b/module/tests/github-actions/job.nix index 79ebb82..6340f84 100644 --- a/module/tests/github-actions/job.nix +++ b/module/tests/github-actions/job.nix @@ -13,7 +13,7 @@ jobs.job1 = { runs-on = "ubuntu-latest"; steps = [ - { uses = "actions/checkout@v4"; } + { uses = "actions/checkout@v6"; } { run = "echo 'Run your script here'"; } ]; }; @@ -33,11 +33,11 @@ expected = { jobs = { job_a = { - steps = [ { uses = "actions/checkout@v4"; } ]; + steps = [ { uses = "actions/checkout@v6"; } ]; }; job_b = { needs = [ "job_a" ]; - steps = [ { uses = "actions/checkout@v4"; } ]; + steps = [ { uses = "actions/checkout@v6"; } ]; }; }; }; @@ -57,11 +57,11 @@ expected = { jobs = { job-a = { - steps = [ { uses = "actions/checkout@v4"; } ]; + steps = [ { uses = "actions/checkout@v6"; } ]; }; job-c = { needs = [ "job-a" ]; - steps = [ { uses = "actions/checkout@v4"; } ]; + steps = [ { uses = "actions/checkout@v6"; } ]; }; }; }; @@ -75,11 +75,11 @@ expected = { jobs = { job-a = { - steps = [ { uses = "actions/checkout@v4"; } ]; + steps = [ { uses = "actions/checkout@v6"; } ]; }; job-b = { needs = [ "job-a" ]; - steps = [ { uses = "actions/checkout@v4"; } ]; + steps = [ { uses = "actions/checkout@v6"; } ]; }; }; }; @@ -91,7 +91,7 @@ }; expected = { - jobs.job-a.steps = [ { uses = "actions/checkout@v4"; } ]; + jobs.job-a.steps = [ { uses = "actions/checkout@v6"; } ]; }; }; @@ -105,9 +105,9 @@ expected = { jobs = { - job-a.steps = [ { uses = "actions/checkout@v4"; } ]; + job-a.steps = [ { uses = "actions/checkout@v6"; } ]; job-b = { - steps = [ { uses = "actions/checkout@v4"; } ]; + steps = [ { uses = "actions/checkout@v6"; } ]; needs = [ "job-a" ]; }; }; @@ -142,7 +142,7 @@ outputs.changes = "\${{ steps.diff.outputs.changes }}"; runs-on = "ubuntu-latest"; steps = [ - { uses = "actions/checkout@v4"; } + { uses = "actions/checkout@v6"; } { id = "diff"; shell = "bash"; @@ -157,14 +157,14 @@ "if" = ''''${{ fromJSON(needs.changes.outputs.changes)['job-a'] == true }}''; runs-on = "ubuntu-latest"; steps = [ - { uses = "actions/checkout@v4"; } + { uses = "actions/checkout@v6"; } ]; }; job-b = { runs-on = "ubuntu-latest"; steps = [ - { uses = "actions/checkout@v4"; } + { uses = "actions/checkout@v6"; } ]; }; };