diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index 60ceb304ee8a8..7964050d8ceeb 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -20,7 +20,7 @@ jobs: if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name)) runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: ref: ${{ github.event.pull_request.head.sha }} - name: Create backport PRs diff --git a/.github/workflows/basic-eval.yml b/.github/workflows/basic-eval.yml index 605d6a30a383f..ae19418916df0 100644 --- a/.github/workflows/basic-eval.yml +++ b/.github/workflows/basic-eval.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest # we don't limit this action to only NixOS repo since the checks are cheap and useful developer feedback steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v20 - uses: cachix/cachix-action@v12 with: diff --git a/.github/workflows/check-maintainers-sorted.yaml b/.github/workflows/check-maintainers-sorted.yaml index fc03988b068d3..61df07547f2eb 100644 --- a/.github/workflows/check-maintainers-sorted.yaml +++ b/.github/workflows/check-maintainers-sorted.yaml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest if: github.repository_owner == 'NixOS' steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge diff --git a/.github/workflows/editorconfig.yml b/.github/workflows/editorconfig.yml index 5dd85ca26f9d0..03bd177f31f45 100644 --- a/.github/workflows/editorconfig.yml +++ b/.github/workflows/editorconfig.yml @@ -24,7 +24,7 @@ jobs: - name: print list of changed files run: | cat "$HOME/changed_files" - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge diff --git a/.github/workflows/manual-nixos.yml b/.github/workflows/manual-nixos.yml index 85c7ac2d69290..1f8c6b9f296c3 100644 --- a/.github/workflows/manual-nixos.yml +++ b/.github/workflows/manual-nixos.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest if: github.repository_owner == 'NixOS' steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge diff --git a/.github/workflows/manual-nixpkgs.yml b/.github/workflows/manual-nixpkgs.yml index 4f76a0d732c8e..6285fb1d26200 100644 --- a/.github/workflows/manual-nixpkgs.yml +++ b/.github/workflows/manual-nixpkgs.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest if: github.repository_owner == 'NixOS' steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge diff --git a/.github/workflows/manual-rendering.yml b/.github/workflows/manual-rendering.yml index ad47776086225..7a99a1621d5aa 100644 --- a/.github/workflows/manual-rendering.yml +++ b/.github/workflows/manual-rendering.yml @@ -17,7 +17,7 @@ jobs: if: github.repository_owner == 'NixOS' runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v20 with: # explicitly enable sandbox diff --git a/.github/workflows/periodic-merge-24h.yml b/.github/workflows/periodic-merge-24h.yml index ae39d6cfefe2a..ff892f86c9b8e 100644 --- a/.github/workflows/periodic-merge-24h.yml +++ b/.github/workflows/periodic-merge-24h.yml @@ -40,7 +40,7 @@ jobs: into: staging-22.11 name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }} uses: devmasx/merge-branch@1.4.0 diff --git a/.github/workflows/periodic-merge-6h.yml b/.github/workflows/periodic-merge-6h.yml index 300c418054d77..687c1b99adb22 100644 --- a/.github/workflows/periodic-merge-6h.yml +++ b/.github/workflows/periodic-merge-6h.yml @@ -38,7 +38,7 @@ jobs: into: staging name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }} uses: devmasx/merge-branch@1.4.0 diff --git a/.github/workflows/update-terraform-providers.yml b/.github/workflows/update-terraform-providers.yml index e0e68b4bf14aa..a0a55928902d2 100644 --- a/.github/workflows/update-terraform-providers.yml +++ b/.github/workflows/update-terraform-providers.yml @@ -16,7 +16,7 @@ jobs: if: github.repository_owner == 'NixOS' && github.ref == 'refs/heads/master' # ensure workflow_dispatch only runs on master runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v20 with: nix_path: nixpkgs=channel:nixpkgs-unstable diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index 4172bc6fbe1e7..6150efcd55365 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -689,7 +689,7 @@ let ] ++ optional cfg.ttyAudit.openOnly "open_only" ++ optional (cfg.ttyAudit.enablePattern != null) "enable=${cfg.ttyAudit.enablePattern}" ++ optional (cfg.ttyAudit.disablePattern != null) "disable=${cfg.ttyAudit.disablePattern}" - )) + + ) + "\n") + optionalString config.services.homed.enable '' session required ${config.systemd.package}/lib/security/pam_systemd_home.so '' + diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix index 0757775f9af33..6b1b7f63205ed 100644 --- a/nixos/modules/services/misc/gitlab.nix +++ b/nixos/modules/services/misc/gitlab.nix @@ -43,7 +43,7 @@ let prometheus_listen_addr = "localhost:9236" [git] - bin_path = "${pkgs.git}/bin/git" + bin_path = "${cfg.packages.git}/bin/git" [gitlab-shell] dir = "${cfg.packages.gitlab-shell}" @@ -258,6 +258,14 @@ in { ''; }; + packages.git = mkOption { + type = types.package; + default = pkgs.git; + defaultText = literalExpression "pkgs.git"; + description = lib.mdDoc "Reference to the git package"; + example = literalExpression "pkgs.git"; + }; + packages.gitlab = mkOption { type = types.package; default = pkgs.gitlab; @@ -1125,7 +1133,7 @@ in { } ]; - environment.systemPackages = [ pkgs.git gitlab-rake gitlab-rails cfg.packages.gitlab-shell ]; + environment.systemPackages = [ cfg.packages.git gitlab-rake gitlab-rails cfg.packages.gitlab-shell ]; systemd.targets.gitlab = { description = "Common target for all GitLab services."; diff --git a/pkgs/development/python-modules/batchspawner/default.nix b/pkgs/development/python-modules/batchspawner/default.nix index 09023536a94b4..f2e8acfe7a0e3 100644 --- a/pkgs/development/python-modules/batchspawner/default.nix +++ b/pkgs/development/python-modules/batchspawner/default.nix @@ -2,6 +2,7 @@ , buildPythonPackage , fetchFromGitHub , jupyterhub +, packaging , pythonOlder }: @@ -21,6 +22,7 @@ buildPythonPackage rec { propagatedBuildInputs = [ jupyterhub + packaging ]; # Tests require a job scheduler e.g. slurm, pbs, etc. @@ -32,8 +34,9 @@ buildPythonPackage rec { meta = with lib; { description = "A spawner for Jupyterhub to spawn notebooks using batch resource managers"; - homepage = "https://jupyter.org"; + homepage = "https://github.com/jupyterhub/batchspawner"; + changelog = "https://github.com/jupyterhub/batchspawner/blob/v${version}/CHANGELOG.md"; license = licenses.bsd3; - maintainers = [ maintainers.costrouc ]; + maintainers = with maintainers; [ ]; }; } diff --git a/pkgs/development/python-modules/jupyterhub-systemdspawner/default.nix b/pkgs/development/python-modules/jupyterhub-systemdspawner/default.nix index 7aeaa6cdb2370..1d5cc192032e9 100644 --- a/pkgs/development/python-modules/jupyterhub-systemdspawner/default.nix +++ b/pkgs/development/python-modules/jupyterhub-systemdspawner/default.nix @@ -1,29 +1,26 @@ { lib +, bash , buildPythonPackage , fetchFromGitHub , jupyterhub +, pythonOlder , tornado -, bash }: buildPythonPackage rec { pname = "jupyterhub-systemdspawner"; - version = "0.15"; + version = "1.0.1"; + format = "setuptools"; + + disabled = pythonOlder "3.8"; src = fetchFromGitHub { owner = "jupyterhub"; repo = "systemdspawner"; - rev = "v${version}"; - hash = "sha256-EUCA+CKCeYr+cLVrqTqe3Q32JkbqeALL6tfOnlVHk8Q="; + rev = "refs/tags/v${version}"; + hash = "sha256-2Pxswa472umovHBUVTIX1l+Glj6bzzgBLsu+p4IA6jA="; }; - propagatedBuildInputs = [ - jupyterhub - tornado - ]; - - buildInputs = [ bash ]; - postPatch = '' substituteInPlace systemdspawner/systemd.py \ --replace "/bin/bash" "${bash}/bin/bash" @@ -32,7 +29,16 @@ buildPythonPackage rec { --replace "/bin/bash" "${bash}/bin/bash" ''; - # no tests + buildInputs = [ + bash + ]; + + propagatedBuildInputs = [ + jupyterhub + tornado + ]; + + # Module has no tests doCheck = false; postInstall = '' @@ -41,9 +47,14 @@ buildPythonPackage rec { patchShebangs $out/bin ''; + pythonImportsCheck = [ + "systemdspawner" + ]; + meta = with lib; { description = "JupyterHub Spawner using systemd for resource isolation"; homepage = "https://github.com/jupyterhub/systemdspawner"; + changelog = "https://github.com/jupyterhub/systemdspawner/blob/v${version}/CHANGELOG.md"; license = licenses.bsd3; maintainers = with maintainers; [ costrouc ]; }; diff --git a/pkgs/development/python-modules/jupyterhub/default.nix b/pkgs/development/python-modules/jupyterhub/default.nix index 9dea973b042fe..782c9379e05b0 100644 --- a/pkgs/development/python-modules/jupyterhub/default.nix +++ b/pkgs/development/python-modules/jupyterhub/default.nix @@ -1,30 +1,38 @@ { lib , stdenv -, buildPythonPackage -, pythonOlder -, fetchPypi -, fetchzip , alembic , async_generator +, beautifulsoup4 +, buildPythonPackage , certipy -, python-dateutil +, cryptography , entrypoints +, fetchPypi +, fetchzip +, importlib-metadata , jinja2 +, jsonschema , jupyter-telemetry +, jupyterlab +, mock +, nbclassic +, nodePackages +, notebook , oauthlib +, packaging , pamela +, playwright , prometheus-client +, pytest-asyncio +, pytestCheckHook +, python-dateutil +, pythonOlder , requests +, requests-mock +, selenium , sqlalchemy , tornado , traitlets -, nodePackages -, beautifulsoup4 -, cryptography -, notebook -, pytest-asyncio -, pytestCheckHook -, requests-mock , virtualenv }: @@ -61,12 +69,14 @@ in buildPythonPackage rec { pname = "jupyterhub"; - version = "1.5.0"; - disabled = pythonOlder "3.6"; + version = "4.0.1"; + format = "setuptools"; + + disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - hash = "sha256-3GGPZXwjukYoDjYlflCTGAZnS6Dp5kmK+wke/GIm1p0="; + hash = "sha256-jig/9Z5cQBZxIHfSVJ7XSs2RWjKDb+ACGGeKh4G9ft4="; }; # Most of this only applies when building from source (e.g. js/css assets are @@ -111,7 +121,6 @@ buildPythonPackage rec { ''; propagatedBuildInputs = [ - # https://github.com/jupyterhub/jupyterhub/blob/master/requirements.txt alembic async_generator certipy @@ -119,13 +128,18 @@ buildPythonPackage rec { entrypoints jinja2 jupyter-telemetry + jupyterlab oauthlib + packaging pamela prometheus-client requests + selenium sqlalchemy tornado traitlets + ] ++ lib.optionals (pythonOlder "3.10") [ + importlib-metadata ]; preCheck = '' @@ -134,10 +148,14 @@ buildPythonPackage rec { ''; nativeCheckInputs = [ - # https://github.com/jupyterhub/jupyterhub/blob/master/dev-requirements.txt beautifulsoup4 cryptography notebook + jsonschema + nbclassic + mock + jupyterlab + playwright pytest-asyncio pytestCheckHook requests-mock @@ -151,14 +169,39 @@ buildPythonPackage rec { "test_external_service" # attempts to do ssl connection "test_connection_notebook_wrong_certs" + # AttributeError: 'coroutine' object... + "test_valid_events" + "test_invalid_events" + "test_user_group_roles" + ]; + + disabledTestPaths = [ + # Not testing with a running instance + # AttributeError: 'coroutine' object has no attribute 'db' + "docs/test_docs.py" + "jupyterhub/tests/browser/test_browser.py" + "jupyterhub/tests/test_api.py" + "jupyterhub/tests/test_auth_expiry.py" + "jupyterhub/tests/test_auth.py" + "jupyterhub/tests/test_metrics.py" + "jupyterhub/tests/test_named_servers.py" + "jupyterhub/tests/test_orm.py" + "jupyterhub/tests/test_pages.py" + "jupyterhub/tests/test_proxy.py" + "jupyterhub/tests/test_scopes.py" + "jupyterhub/tests/test_services_auth.py" + "jupyterhub/tests/test_singleuser.py" + "jupyterhub/tests/test_spawner.py" + "jupyterhub/tests/test_user.py" ]; meta = with lib; { - broken = lib.versionAtLeast sqlalchemy.version "2.0"; description = "Serves multiple Jupyter notebook instances"; homepage = "https://jupyter.org/"; - changelog = "https://github.com/jupyterhub/jupyterhub/blob/${version}/docs/source/changelog.md"; + changelog = "https://github.com/jupyterhub/jupyterhub/blob/${version}/docs/source/reference/changelog.md"; license = licenses.bsd3; maintainers = with maintainers; [ ixxie cstrahan ]; + # darwin: E OSError: dlopen(/nix/store/43zml0mlr17r5jsagxr00xxx91hz9lky-openpam-20170430/lib/libpam.so, 6): image not found + broken = (stdenv.isLinux && stdenv.isAarch64) || stdenv.isDarwin; }; } diff --git a/pkgs/development/python-modules/pyslurm/default.nix b/pkgs/development/python-modules/pyslurm/default.nix index 97133b20eee89..5649bb460ece5 100644 --- a/pkgs/development/python-modules/pyslurm/default.nix +++ b/pkgs/development/python-modules/pyslurm/default.nix @@ -8,7 +8,7 @@ buildPythonPackage rec { pname = "pyslurm"; - version = "22.5.1"; + version = "23.2.0"; format = "setuptools"; disabled = pythonOlder "3.6"; @@ -17,7 +17,7 @@ buildPythonPackage rec { repo = "pyslurm"; owner = "PySlurm"; rev = "refs/tags/v${version}"; - hash = "sha256-sPZELCxe2e7/gUmRxvP2aOwqsbaR/x+0grHwuDdx0Dg="; + hash = "sha256-HIidm53pV8A7pwrl6k6/B3GpzXaIxKQiB3L4s7/dqHY="; }; buildInputs = [ cython slurm ];