workflows/eval: Request reviews from changed package maintainers #366046
Conversation
infinisil
requested review from
azuwis,
Mic92,
wolfgangwalther,
itepastra,
GaetanLepage and
JohnRTitor
github-actions
bot
added
6.topic: policy discussion
6.topic: continuous integration
nix-owners
bot
requested review from
LeSuisse,
mweinelt,
philiptaron,
risicle and
zowoq
ofborg
bot
added
10.rebuild-darwin: 0
Currently we need to rely on ofborg requesting reviews from package maintainers, which takes a while with ofborg's eval queue. Since recently we're doing faster evaluations with GitHub Actions, which contain all necessary information to determine reviewers of changed packages the same way ofborg does. This PR takes advantage of that.
…ged packages The handles can change over time and there's nothing guaranteeing the ones in the maintainer list are up-to-date. In comparison GitHub IDs never change.
infinisil
force-pushed
the
maintainer-reviews
branch
from
26ba82d to
b844cba
Compare
|
Feedback addressed, still works: Infinisil-s-Test-Organization#37 (comment) |
|
@JohnRTitor A bit unfortunate but unfixable here, because the workflow for this PR itself uses the version from the base branch, but fetches the code from the PR, which now takes an extra argument not passed in the workflow |
This is the reference to look at: Infinisil-s-Test-Organization#37 (comment) instead |
| jq -r 'keys[]' comparison/maintainers.json \ | ||
| | while read -r id; do gh api /user/"$id"; done \ | ||
| | jq -s '{ reviewers: map(.login) }' \ | ||
| > reviewers.json |
There was a problem hiding this comment.
| jq -r 'keys[]' comparison/maintainers.json \ | |
| | while read -r id; do gh api /user/"$id"; done \ | |
| | jq -s '{ reviewers: map(.login) }' \ | |
| > reviewers.json | |
| jq -r 'keys[]' comparison/maintainers.json \ | |
| | head -n15 \ | |
| | while read -r id; do gh api /user/"$id"; done \ | |
| | jq -s '{ reviewers: map(.login) }' \ | |
| > reviewers.json |
GitHub apps are limited to 15 reviewer requests anyway, and this way treewide changes are handled better. Adding a head -n15 here should work, but I did not test.
There was a problem hiding this comment.
Sounds like a good idea. Should be the list sorted, so it's always the same 15 reviewers?
There was a problem hiding this comment.
I see two other options to handle treewides / PRs with more than 15 reviewers:
- Don't request reviewers in this case.
- Instead of requesting review, post a comment with all maintainers mentioned for this case.
I actually prefer the first option: When you make a treewide change and you get some random 15 reviewers, chances are high that those reviewers:
- are not responding anyway
- don't have much to say about that treewide change
So why notify many random people?
(Note that for a treewide, we very likely have already requested reviews from a bunch of people via OWNERS!)
For treewide changes it makes much more sense to pick your reviewers individually, specifically for that change.
There was a problem hiding this comment.
I think there is also a limit with posting maintainers in comments. But we probably should avoid mass-pinging so many people and leave it to the pr authors/reviewers to select the right set of people.
There was a problem hiding this comment.
So, we have now implemented requesting reviewers 1-by-1 to work around failures for some of them.
See #370749 for a run with that. Clearly the limit seems to apply for a single API request - and going 1-by-1 requested reviews from 30 reviewers there.
ofborg had limited itself to 10 per run manually. We'll need to do something about this as well.
| relevantFilenames = | ||
| drv: | ||
| (lib.lists.unique ( | ||
| builtins.map (pos: lib.strings.removePrefix (toString ../..) pos.file) ( | ||
| builtins.filter (x: x != null) [ | ||
| (builtins.unsafeGetAttrPos "maintainers" (drv.meta or { })) | ||
| (builtins.unsafeGetAttrPos "src" drv) | ||
| # broken because name is always set by stdenv: | ||
| # # A hack to make `nix-env -qa` and `nix search` ignore broken packages. | ||
| # # TODO(@oxij): remove this assert when something like NixOS/nix#1771 gets merged into nix. | ||
| # name = assert validity.handled; name + lib.optionalString | ||
| #(builtins.unsafeGetAttrPos "name" drv) | ||
| (builtins.unsafeGetAttrPos "pname" drv) | ||
| (builtins.unsafeGetAttrPos "version" drv) | ||
|
|
||
| # Use ".meta.position" for cases when most of the package is | ||
| # defined in a "common" section and the only place where | ||
| # reference to the file with a derivation the "pos" | ||
| # attribute. | ||
| # | ||
| # ".meta.position" has the following form: | ||
| # "pkgs/tools/package-management/nix/default.nix:155" | ||
| # We transform it to the following: | ||
| # { file = "pkgs/tools/package-management/nix/default.nix"; } | ||
| { file = lib.head (lib.splitString ":" (drv.meta.position or "")); } | ||
| ] | ||
| ) | ||
| )); |
There was a problem hiding this comment.
I know this is an extension on top of the current ofborg behavior, but maybe a good time to discuss it:
Can we extend the "relevant file names" for a derivation to include some dependent files like patches or setup hooks?
I remember having to look up maintainers from the derivation manually when changing the setup-hook.sh.
I think some basic rules could be:
- if the path ends in
/default.nixor the path ends in/package.nixand is in/by-name/, then - add all files in the same directory (recursively) to the list of relevant files.
A random example that would benefit from it:
pkgs/by-name/me/meson/package.nix would include changes to all the patch and .sh files in the same folder.
There was a problem hiding this comment.
I feel like we can first start with a minimal feature set and make it more complex later. Now since ofborg has been shutdown and will be re-instantiated with only a smaller feature set.
|
Backport failed for Please cherry-pick the changes locally and resolve any conflicts. git fetch origin release-24.11
git worktree add -d .worktree/backport-366046-to-release-24.11 origin/release-24.11
cd .worktree/backport-366046-to-release-24.11
git switch --create backport-366046-to-release-24.11
git cherry-pick -x b9d800d46814e44db4d0a0104141aeb54e0c3c9a b844cba4e6fcac4c4ceef81e481a5f93a01e4631 |
|
It seems there are some limitations for who we can request reviews from.
https://github.com/NixOS/nixpkgs/actions/runs/12580696560/job/35063365466 |
|
That only applies for the other issue #355847 (comment) |
|
Ah right, we need a special github token than. |
|
We should probably revert this pull request until these two issues are addressed. |
I don't think it's possible to request reviews from non-members. So a better token would not help. |
Exactly, you either need to be a repo collaborator or an org member. |
I don't think we need to revert it. Yes, we might have failing CI jobs, but ultimately we don't lose anything: The only thing that is not happening with those kind of failures is the request for maintainer reviews. Exactly the same outcome as when reverting the whole feature... except for the many cases where it already works right now.
How can it actually happen that a listed maintainer is not an org member? IIUC, maintainers are automatically added to the org, right? That means they probably left the org manually. But.. I checked the maintainers listed in the All of the 6 maintainers appear to be in the NixOS org to me. I don't understand why GH would throw an error here. |
|
A different failure mode in https://github.com/NixOS/nixpkgs/actions/runs/12588895670/job/35088361244 |
I get an email for every single PR I open telling me the job failed, and every PR has a big red ❌ on it that makes it look like eval failed. I think those are sufficient cause to revert this until it can be fixed. |
Instead of reversing this change, can't we temporarily add a |
|
Sure, that also works if someone PRs it. I just think we shouldn’t be too hesitant to revert PRs that cause treewide issues, since we didn’t have this PR 16 hours ago anyway and it is cheap to merge again with fixes but leaving things merged in a broken state multiplies the problems they cause. Better to revert and bring it back without the issue than to leave the problem present while waiting for a fix. |
I'm not against reversing this, I'd just prefer to have a somewhat working reviewer request automation instead of having to wait 2 business months for ofborg to request them itself, but either work for me. I can't PR the hack fix right now but I'm willing to do it, if someone wants to revert it meanwhile I'm okay with it as well, better than having a CI check giving a false negative on a PR. |
|
I'm kind of on holidays, but I can make a quick fix, working on it.. |
|
We can also just revert until you're back. |
|
Maybe that would've been better, but here's the fix, already tested: #370456 :) |
wolfgangwalther
added
backport release-24.11
|
Successfully created backport PR for |
Request reviews from maintainers of changed packages, mirroring what ofborg does, but without having to wait for it anymore. Part of #355847
Things done
This work is funded by Tweag and Antithesis ✨
Add a 👍 reaction to pull requests you find important.