From d14e9e81e333f190929beba0b1d561a7dbf7362a Mon Sep 17 00:00:00 2001 From: Tobias Stenzel Date: Wed, 15 Feb 2023 20:33:23 +0100 Subject: [PATCH 01/11] gitlab: make Git package configurable There have been multiple Git CVE that affected Gitlab. It's helpful for quick Git updates to make the Git package used by Gitlab/Gitaly configurable because overriding the nixpkgs git package causes mass package rebuilds. --- nixos/modules/services/misc/gitlab.nix | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix index 0757775f9af33..6b1b7f63205ed 100644 --- a/nixos/modules/services/misc/gitlab.nix +++ b/nixos/modules/services/misc/gitlab.nix @@ -43,7 +43,7 @@ let prometheus_listen_addr = "localhost:9236" [git] - bin_path = "${pkgs.git}/bin/git" + bin_path = "${cfg.packages.git}/bin/git" [gitlab-shell] dir = "${cfg.packages.gitlab-shell}" @@ -258,6 +258,14 @@ in { ''; }; + packages.git = mkOption { + type = types.package; + default = pkgs.git; + defaultText = literalExpression "pkgs.git"; + description = lib.mdDoc "Reference to the git package"; + example = literalExpression "pkgs.git"; + }; + packages.gitlab = mkOption { type = types.package; default = pkgs.gitlab; @@ -1125,7 +1133,7 @@ in { } ]; - environment.systemPackages = [ pkgs.git gitlab-rake gitlab-rails cfg.packages.gitlab-shell ]; + environment.systemPackages = [ cfg.packages.git gitlab-rake gitlab-rails cfg.packages.gitlab-shell ]; systemd.targets.gitlab = { description = "Common target for all GitLab services."; From da16974df42443db386a6fd9a209d15b25583e5f Mon Sep 17 00:00:00 2001 From: Tobias Stenzel Date: Wed, 22 Feb 2023 15:48:44 +0100 Subject: [PATCH 02/11] pam_tty_audit: fix missing newline after config --- nixos/modules/security/pam.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index 4172bc6fbe1e7..6150efcd55365 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -689,7 +689,7 @@ let ] ++ optional cfg.ttyAudit.openOnly "open_only" ++ optional (cfg.ttyAudit.enablePattern != null) "enable=${cfg.ttyAudit.enablePattern}" ++ optional (cfg.ttyAudit.disablePattern != null) "disable=${cfg.ttyAudit.disablePattern}" - )) + + ) + "\n") + optionalString config.services.homed.enable '' session required ${config.systemd.package}/lib/security/pam_systemd_home.so '' + From e5f1afa2cdeec802103f0d02821a07316f13c02f Mon Sep 17 00:00:00 2001 From: Tobias Stenzel Date: Sun, 9 Apr 2023 01:23:48 +0200 Subject: [PATCH 03/11] pyslurm: 22.5.1 -> 23.2.0 --- pkgs/development/python-modules/pyslurm/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/pyslurm/default.nix b/pkgs/development/python-modules/pyslurm/default.nix index 97133b20eee89..5649bb460ece5 100644 --- a/pkgs/development/python-modules/pyslurm/default.nix +++ b/pkgs/development/python-modules/pyslurm/default.nix @@ -8,7 +8,7 @@ buildPythonPackage rec { pname = "pyslurm"; - version = "22.5.1"; + version = "23.2.0"; format = "setuptools"; disabled = pythonOlder "3.6"; @@ -17,7 +17,7 @@ buildPythonPackage rec { repo = "pyslurm"; owner = "PySlurm"; rev = "refs/tags/v${version}"; - hash = "sha256-sPZELCxe2e7/gUmRxvP2aOwqsbaR/x+0grHwuDdx0Dg="; + hash = "sha256-HIidm53pV8A7pwrl6k6/B3GpzXaIxKQiB3L4s7/dqHY="; }; buildInputs = [ cython slurm ]; From 6c8b48d8d93297c64bb841625157a9ff43dd4158 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Sat, 3 Jun 2023 22:15:45 +0200 Subject: [PATCH 04/11] python311Packages.jupyterhub: 1.5.0 -> 4.0.0 Changelog: https://github.com/jupyterhub/jupyterhub/blob/4.0.0/docs/source/changelog.md --- .../python-modules/jupyterhub/default.nix | 66 ++++++++++++++----- 1 file changed, 48 insertions(+), 18 deletions(-) diff --git a/pkgs/development/python-modules/jupyterhub/default.nix b/pkgs/development/python-modules/jupyterhub/default.nix index 9dea973b042fe..64fc00dd0144b 100644 --- a/pkgs/development/python-modules/jupyterhub/default.nix +++ b/pkgs/development/python-modules/jupyterhub/default.nix @@ -1,30 +1,32 @@ { lib , stdenv -, buildPythonPackage -, pythonOlder -, fetchPypi -, fetchzip , alembic , async_generator +, beautifulsoup4 +, buildPythonPackage , certipy -, python-dateutil +, cryptography , entrypoints +, fetchPypi +, fetchzip +, importlib-metadata , jinja2 , jupyter-telemetry +, nodePackages +, notebook , oauthlib , pamela , prometheus-client +, pytest-asyncio +, pytestCheckHook +, python-dateutil +, pythonOlder , requests +, requests-mock +, selenium , sqlalchemy , tornado , traitlets -, nodePackages -, beautifulsoup4 -, cryptography -, notebook -, pytest-asyncio -, pytestCheckHook -, requests-mock , virtualenv }: @@ -61,12 +63,14 @@ in buildPythonPackage rec { pname = "jupyterhub"; - version = "1.5.0"; - disabled = pythonOlder "3.6"; + version = "4.0.0"; + format = "setuptools"; + + disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - hash = "sha256-3GGPZXwjukYoDjYlflCTGAZnS6Dp5kmK+wke/GIm1p0="; + hash = "sha256-LKspluSafStwwLtYCpkuRCBZSD4K8YrwYaKayCsUqGc="; }; # Most of this only applies when building from source (e.g. js/css assets are @@ -111,7 +115,6 @@ buildPythonPackage rec { ''; propagatedBuildInputs = [ - # https://github.com/jupyterhub/jupyterhub/blob/master/requirements.txt alembic async_generator certipy @@ -123,9 +126,12 @@ buildPythonPackage rec { pamela prometheus-client requests + selenium sqlalchemy tornado traitlets + ] ++ lib.optionals (pythonOlder "3.10") [ + importlib-metadata ]; preCheck = '' @@ -134,7 +140,6 @@ buildPythonPackage rec { ''; nativeCheckInputs = [ - # https://github.com/jupyterhub/jupyterhub/blob/master/dev-requirements.txt beautifulsoup4 cryptography notebook @@ -151,14 +156,39 @@ buildPythonPackage rec { "test_external_service" # attempts to do ssl connection "test_connection_notebook_wrong_certs" + # AttributeError: 'coroutine' object... + "test_valid_events" + "test_invalid_events" + "test_user_group_roles" + ]; + + disabledTestPaths = [ + # Not testing with a running instance + # AttributeError: 'coroutine' object has no attribute 'db' + "docs/test_docs.py" + "jupyterhub/tests/test_orm.py" + "jupyterhub/tests/test_api.py" + "jupyterhub/tests/test_auth.py" + "jupyterhub/tests/test_auth_expiry.py" + "jupyterhub/tests/test_metrics.py" + "jupyterhub/tests/test_named_servers.py" + "jupyterhub/tests/selenium/test_browser.py" + "jupyterhub/tests/test_user.py" + "jupyterhub/tests/test_singleuser.py" + "jupyterhub/tests/test_spawner.py" + "jupyterhub/tests/test_services_auth.py" + "jupyterhub/tests/test_scopes.py" + "jupyterhub/tests/test_proxy.py" + "jupyterhub/tests/test_pages.py" ]; meta = with lib; { - broken = lib.versionAtLeast sqlalchemy.version "2.0"; description = "Serves multiple Jupyter notebook instances"; homepage = "https://jupyter.org/"; changelog = "https://github.com/jupyterhub/jupyterhub/blob/${version}/docs/source/changelog.md"; license = licenses.bsd3; maintainers = with maintainers; [ ixxie cstrahan ]; + # darwin: E OSError: dlopen(/nix/store/43zml0mlr17r5jsagxr00xxx91hz9lky-openpam-20170430/lib/libpam.so, 6): image not found + broken = (stdenv.isLinux && stdenv.isAarch64) || stdenv.isDarwin; }; } From 1cdde200e1c9da0f553df112a7c404473cac7535 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Sun, 25 Jun 2023 23:10:59 +0200 Subject: [PATCH 05/11] python311Packages.jupyterhub: 4.0.0 -> 4.0.1 Changelog: https://github.com/jupyterhub/jupyterhub/blob/4.0.1/docs/source/reference/changelog.md --- .../python-modules/jupyterhub/default.nix | 32 ++++++++++++------- 1 file changed, 21 insertions(+), 11 deletions(-) diff --git a/pkgs/development/python-modules/jupyterhub/default.nix b/pkgs/development/python-modules/jupyterhub/default.nix index 64fc00dd0144b..9d53738acf8cd 100644 --- a/pkgs/development/python-modules/jupyterhub/default.nix +++ b/pkgs/development/python-modules/jupyterhub/default.nix @@ -11,11 +11,16 @@ , fetchzip , importlib-metadata , jinja2 +, jsonschema , jupyter-telemetry +, jupyterlab +, mock +, nbclassic , nodePackages , notebook , oauthlib , pamela +, playwright , prometheus-client , pytest-asyncio , pytestCheckHook @@ -63,14 +68,14 @@ in buildPythonPackage rec { pname = "jupyterhub"; - version = "4.0.0"; + version = "4.0.1"; format = "setuptools"; disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - hash = "sha256-LKspluSafStwwLtYCpkuRCBZSD4K8YrwYaKayCsUqGc="; + hash = "sha256-jig/9Z5cQBZxIHfSVJ7XSs2RWjKDb+ACGGeKh4G9ft4="; }; # Most of this only applies when building from source (e.g. js/css assets are @@ -143,6 +148,11 @@ buildPythonPackage rec { beautifulsoup4 cryptography notebook + jsonschema + nbclassic + mock + jupyterlab + playwright pytest-asyncio pytestCheckHook requests-mock @@ -166,26 +176,26 @@ buildPythonPackage rec { # Not testing with a running instance # AttributeError: 'coroutine' object has no attribute 'db' "docs/test_docs.py" - "jupyterhub/tests/test_orm.py" + "jupyterhub/tests/browser/test_browser.py" "jupyterhub/tests/test_api.py" - "jupyterhub/tests/test_auth.py" "jupyterhub/tests/test_auth_expiry.py" + "jupyterhub/tests/test_auth.py" "jupyterhub/tests/test_metrics.py" "jupyterhub/tests/test_named_servers.py" - "jupyterhub/tests/selenium/test_browser.py" - "jupyterhub/tests/test_user.py" + "jupyterhub/tests/test_orm.py" + "jupyterhub/tests/test_pages.py" + "jupyterhub/tests/test_proxy.py" + "jupyterhub/tests/test_scopes.py" + "jupyterhub/tests/test_services_auth.py" "jupyterhub/tests/test_singleuser.py" "jupyterhub/tests/test_spawner.py" - "jupyterhub/tests/test_services_auth.py" - "jupyterhub/tests/test_scopes.py" - "jupyterhub/tests/test_proxy.py" - "jupyterhub/tests/test_pages.py" + "jupyterhub/tests/test_user.py" ]; meta = with lib; { description = "Serves multiple Jupyter notebook instances"; homepage = "https://jupyter.org/"; - changelog = "https://github.com/jupyterhub/jupyterhub/blob/${version}/docs/source/changelog.md"; + changelog = "https://github.com/jupyterhub/jupyterhub/blob/${version}/docs/source/reference/changelog.md"; license = licenses.bsd3; maintainers = with maintainers; [ ixxie cstrahan ]; # darwin: E OSError: dlopen(/nix/store/43zml0mlr17r5jsagxr00xxx91hz9lky-openpam-20170430/lib/libpam.so, 6): image not found From 0bab948ae434c2c52e2e6db11a2bf5d493cc0257 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Sun, 25 Jun 2023 23:39:14 +0200 Subject: [PATCH 06/11] python311Packages.batchspawner: add missing input --- pkgs/development/python-modules/batchspawner/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/development/python-modules/batchspawner/default.nix b/pkgs/development/python-modules/batchspawner/default.nix index 09023536a94b4..de3077e5a34e2 100644 --- a/pkgs/development/python-modules/batchspawner/default.nix +++ b/pkgs/development/python-modules/batchspawner/default.nix @@ -2,6 +2,7 @@ , buildPythonPackage , fetchFromGitHub , jupyterhub +, packaging , pythonOlder }: @@ -21,6 +22,7 @@ buildPythonPackage rec { propagatedBuildInputs = [ jupyterhub + packaging ]; # Tests require a job scheduler e.g. slurm, pbs, etc. From f294372fa0579f47c0e318cfff0f418057108d6c Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Mon, 26 Jun 2023 07:53:15 +0200 Subject: [PATCH 07/11] python311Packages.jupyterhub-systemdspawner: 0.11 -> 1.0.1 Diff: https://github.com/jupyterhub/systemdspawner/compare/refs/tags/v0.11...v1.0.1 Changelog: https://github.com/jupyterhub/systemdspawner/blob/v1.0.1/CHANGELOG.md --- .../jupyterhub-systemdspawner/default.nix | 35 ++++++++++++------- 1 file changed, 23 insertions(+), 12 deletions(-) diff --git a/pkgs/development/python-modules/jupyterhub-systemdspawner/default.nix b/pkgs/development/python-modules/jupyterhub-systemdspawner/default.nix index 7aeaa6cdb2370..1d5cc192032e9 100644 --- a/pkgs/development/python-modules/jupyterhub-systemdspawner/default.nix +++ b/pkgs/development/python-modules/jupyterhub-systemdspawner/default.nix @@ -1,29 +1,26 @@ { lib +, bash , buildPythonPackage , fetchFromGitHub , jupyterhub +, pythonOlder , tornado -, bash }: buildPythonPackage rec { pname = "jupyterhub-systemdspawner"; - version = "0.15"; + version = "1.0.1"; + format = "setuptools"; + + disabled = pythonOlder "3.8"; src = fetchFromGitHub { owner = "jupyterhub"; repo = "systemdspawner"; - rev = "v${version}"; - hash = "sha256-EUCA+CKCeYr+cLVrqTqe3Q32JkbqeALL6tfOnlVHk8Q="; + rev = "refs/tags/v${version}"; + hash = "sha256-2Pxswa472umovHBUVTIX1l+Glj6bzzgBLsu+p4IA6jA="; }; - propagatedBuildInputs = [ - jupyterhub - tornado - ]; - - buildInputs = [ bash ]; - postPatch = '' substituteInPlace systemdspawner/systemd.py \ --replace "/bin/bash" "${bash}/bin/bash" @@ -32,7 +29,16 @@ buildPythonPackage rec { --replace "/bin/bash" "${bash}/bin/bash" ''; - # no tests + buildInputs = [ + bash + ]; + + propagatedBuildInputs = [ + jupyterhub + tornado + ]; + + # Module has no tests doCheck = false; postInstall = '' @@ -41,9 +47,14 @@ buildPythonPackage rec { patchShebangs $out/bin ''; + pythonImportsCheck = [ + "systemdspawner" + ]; + meta = with lib; { description = "JupyterHub Spawner using systemd for resource isolation"; homepage = "https://github.com/jupyterhub/systemdspawner"; + changelog = "https://github.com/jupyterhub/systemdspawner/blob/v${version}/CHANGELOG.md"; license = licenses.bsd3; maintainers = with maintainers; [ costrouc ]; }; From 62d31a64da95612a60331d91d5b19184ba0c7e30 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Mon, 26 Jun 2023 07:54:12 +0200 Subject: [PATCH 08/11] python311Packages.jupyterhub: add packing --- pkgs/development/python-modules/jupyterhub/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/development/python-modules/jupyterhub/default.nix b/pkgs/development/python-modules/jupyterhub/default.nix index 9d53738acf8cd..f20e35611f0c3 100644 --- a/pkgs/development/python-modules/jupyterhub/default.nix +++ b/pkgs/development/python-modules/jupyterhub/default.nix @@ -19,6 +19,7 @@ , nodePackages , notebook , oauthlib +, packaging , pamela , playwright , prometheus-client @@ -128,6 +129,7 @@ buildPythonPackage rec { jinja2 jupyter-telemetry oauthlib + packaging pamela prometheus-client requests From c8791127f6a1a8885949f79146e4d4f63133c0b3 Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Sun, 13 Aug 2023 22:12:58 +0200 Subject: [PATCH 09/11] python311Packages.batchspawner: add changelog to meta --- pkgs/development/python-modules/batchspawner/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/batchspawner/default.nix b/pkgs/development/python-modules/batchspawner/default.nix index de3077e5a34e2..f2e8acfe7a0e3 100644 --- a/pkgs/development/python-modules/batchspawner/default.nix +++ b/pkgs/development/python-modules/batchspawner/default.nix @@ -34,8 +34,9 @@ buildPythonPackage rec { meta = with lib; { description = "A spawner for Jupyterhub to spawn notebooks using batch resource managers"; - homepage = "https://jupyter.org"; + homepage = "https://github.com/jupyterhub/batchspawner"; + changelog = "https://github.com/jupyterhub/batchspawner/blob/v${version}/CHANGELOG.md"; license = licenses.bsd3; - maintainers = [ maintainers.costrouc ]; + maintainers = with maintainers; [ ]; }; } From 6c8cb40e51867b3737298ce574a7f69ee7befd3d Mon Sep 17 00:00:00 2001 From: Tobias Stenzel Date: Mon, 28 Aug 2023 23:04:42 +0200 Subject: [PATCH 10/11] jupyterhub: add jupyerlab to build inputs to fix server startup error --- pkgs/development/python-modules/jupyterhub/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/development/python-modules/jupyterhub/default.nix b/pkgs/development/python-modules/jupyterhub/default.nix index f20e35611f0c3..782c9379e05b0 100644 --- a/pkgs/development/python-modules/jupyterhub/default.nix +++ b/pkgs/development/python-modules/jupyterhub/default.nix @@ -128,6 +128,7 @@ buildPythonPackage rec { entrypoints jinja2 jupyter-telemetry + jupyterlab oauthlib packaging pamela From bee109d4c4aa9bd8b21d4fd6cfd9cb4eb1babc48 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Sep 2023 02:09:11 +0000 Subject: [PATCH 11/11] build(deps): bump actions/checkout from 3 to 4 Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/backport.yml | 2 +- .github/workflows/basic-eval.yml | 2 +- .github/workflows/check-maintainers-sorted.yaml | 2 +- .github/workflows/editorconfig.yml | 2 +- .github/workflows/manual-nixos.yml | 2 +- .github/workflows/manual-nixpkgs.yml | 2 +- .github/workflows/manual-rendering.yml | 2 +- .github/workflows/periodic-merge-24h.yml | 2 +- .github/workflows/periodic-merge-6h.yml | 2 +- .github/workflows/update-terraform-providers.yml | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index 60ceb304ee8a8..7964050d8ceeb 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -20,7 +20,7 @@ jobs: if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name)) runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: ref: ${{ github.event.pull_request.head.sha }} - name: Create backport PRs diff --git a/.github/workflows/basic-eval.yml b/.github/workflows/basic-eval.yml index 605d6a30a383f..ae19418916df0 100644 --- a/.github/workflows/basic-eval.yml +++ b/.github/workflows/basic-eval.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest # we don't limit this action to only NixOS repo since the checks are cheap and useful developer feedback steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v20 - uses: cachix/cachix-action@v12 with: diff --git a/.github/workflows/check-maintainers-sorted.yaml b/.github/workflows/check-maintainers-sorted.yaml index fc03988b068d3..61df07547f2eb 100644 --- a/.github/workflows/check-maintainers-sorted.yaml +++ b/.github/workflows/check-maintainers-sorted.yaml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest if: github.repository_owner == 'NixOS' steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge diff --git a/.github/workflows/editorconfig.yml b/.github/workflows/editorconfig.yml index 5dd85ca26f9d0..03bd177f31f45 100644 --- a/.github/workflows/editorconfig.yml +++ b/.github/workflows/editorconfig.yml @@ -24,7 +24,7 @@ jobs: - name: print list of changed files run: | cat "$HOME/changed_files" - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge diff --git a/.github/workflows/manual-nixos.yml b/.github/workflows/manual-nixos.yml index 85c7ac2d69290..1f8c6b9f296c3 100644 --- a/.github/workflows/manual-nixos.yml +++ b/.github/workflows/manual-nixos.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest if: github.repository_owner == 'NixOS' steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge diff --git a/.github/workflows/manual-nixpkgs.yml b/.github/workflows/manual-nixpkgs.yml index 4f76a0d732c8e..6285fb1d26200 100644 --- a/.github/workflows/manual-nixpkgs.yml +++ b/.github/workflows/manual-nixpkgs.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest if: github.repository_owner == 'NixOS' steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge diff --git a/.github/workflows/manual-rendering.yml b/.github/workflows/manual-rendering.yml index ad47776086225..7a99a1621d5aa 100644 --- a/.github/workflows/manual-rendering.yml +++ b/.github/workflows/manual-rendering.yml @@ -17,7 +17,7 @@ jobs: if: github.repository_owner == 'NixOS' runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v20 with: # explicitly enable sandbox diff --git a/.github/workflows/periodic-merge-24h.yml b/.github/workflows/periodic-merge-24h.yml index ae39d6cfefe2a..ff892f86c9b8e 100644 --- a/.github/workflows/periodic-merge-24h.yml +++ b/.github/workflows/periodic-merge-24h.yml @@ -40,7 +40,7 @@ jobs: into: staging-22.11 name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }} uses: devmasx/merge-branch@1.4.0 diff --git a/.github/workflows/periodic-merge-6h.yml b/.github/workflows/periodic-merge-6h.yml index 300c418054d77..687c1b99adb22 100644 --- a/.github/workflows/periodic-merge-6h.yml +++ b/.github/workflows/periodic-merge-6h.yml @@ -38,7 +38,7 @@ jobs: into: staging name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }} uses: devmasx/merge-branch@1.4.0 diff --git a/.github/workflows/update-terraform-providers.yml b/.github/workflows/update-terraform-providers.yml index e0e68b4bf14aa..a0a55928902d2 100644 --- a/.github/workflows/update-terraform-providers.yml +++ b/.github/workflows/update-terraform-providers.yml @@ -16,7 +16,7 @@ jobs: if: github.repository_owner == 'NixOS' && github.ref == 'refs/heads/master' # ensure workflow_dispatch only runs on master runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v20 with: nix_path: nixpkgs=channel:nixpkgs-unstable