nixpkgs-review

Review pull-requests on https://github.com/NixOS/nixpkgs. nixpkgs-review automatically builds packages changed in the pull requests

NOTE: this project used to be called nix-review

Features

ofborg support: reuses evaluation output of CI to skip local evaluation, but also fallbacks if ofborg is not finished
provides a nix-shell with all packages that did not fail to build
remote builder support
allows to build a subset of packages (great for mass-rebuilds)
allow to build nixos tests
markdown reports
GitHub integration:
- post PR comments with results
- approve or merge PRs (the last one requires maintainer permission)
- Show PR comments/reviews
logs per built or failed package
symlinks build packages to result directory for inspection

Installation

nixpkgs-review is included in nixpkgs. Older versions of nixpkgs might still call it nix-review.

To use it run without installing it, use:

$ nix run nixpkgs.nixpkgs-review

To install it:

$ nix-env -f '<nixpkgs>' -iA nixpkgs-review

To run it from the git repository:

$ nix-build
$ ./result/bin/nixpkgs-review

Note that this asserts formatting with the latest version of black, so you may need to specify a more up to date version of NixPkgs:

$ nix-build -I nixpkgs=https://github.com/NixOS/nixpkgs-channels/archive/nixpkgs-unstable.tar.gz
$ ./result/bin/nixpkgs-review

Development Environment

For IDEs:

$ nix-build -A env -o .venv

or just use:

./bin/nixpkgs-review

Usage

Change to your local nixpkgs repository checkout, i.e.:

cd ~/git/nixpkgs

Note that your local checkout git will be not affected by nixpkgs-review, since it will use git-worktree to perform fast checkouts.

Then run nixpkgs-review by providing the pull request number...

$ nixpkgs-review pr 37242

... or the full pull request url:

$ nixpkgs-review pr https://github.com/NixOS/nixpkgs/pull/37242

The output then looks as follow:

$ git fetch --force https://github.com/NixOS/nixpkgs pull/37242/head:refs/nixpkgs-review/0
$ git worktree add /home/joerg/git/nixpkgs/.review/pr-37242 1cb9f643480612696de93fb2f2a2f3340d0e3156
Preparing /home/joerg/git/nixpkgs/.review/pr-37242 (identifier pr-37242)
Checking out files: 100% (14825/14825), done.
HEAD is now at 1cb9f643480 redis: 4.0.7 -> 4.0.8
Building in /tmp/nox-review-4ml2epyy: redis
$ nix-build --no-out-link --keep-going --max-jobs 4 --option build-use-sandbox true <nixpkgs> -A redis
/nix/store/jbp7m1gshmk8an8sb14glwijgw1chvvq-redis-4.0.8
$ nix-shell -p redis
[nix-shell:~/git/nixpkgs]$ /nix/store/jbp7m1gshmk8an8sb14glwijgw1chvvq-redis-4.0.8/bin/redis-cli --version
redis-cli 4.0.8

To review a local commit without pull request, use the following command:

$ nixpkgs-review rev HEAD

Instead of HEAD also a commit or branch can be given.

To review uncommitted changes, use the following command:

$ nixpkgs-review wip

Staged changes can be reviewed like this:

$ nixpkgs-review wip --staged

If you'd like to post the nixpkgs-review results as a formatted PR comment, pass the --post-result flag:

$ nixpkgs-review pr --post-result 37242

Often, after reviewing a diff on a pull request, you may want to say "This diff looks good to me, approve/merge it provided that there are no package build failures". To do so run the following subcommands from within the nix-shell provided by nixpkgs-review

$ nixpkgs-review pr 37242
nix-shell> nixpkgs-review approve
# Or, if you have maintainer access and would like to merge (provided no build failures):
nix-shell> nixpkgs-review merge
# It is also possible to upload the result report from here
nix-shell> nixpkgs-review post-result
# Review-comments can also be shown
nix-shell> nixpkgs-review comments

Using nix-review in scripts

After building, nixpkgs-review will normally start a nix-shell with the packages built, to allow for interactive testing. To use nixpkgs-review non-interactively in scripts, use the --no-shell command, which can allow for batch processing of multiple reviews or use in scripts/bots.

Example testing multiple unrelated PRs and posting the build results as PR comments for later review:

for pr in 807{60..70}; do
    nixpkgs-review pr --no-shell --post-result $pr && echo "PR $pr succeeded" || echo "PR $pr failed"
done

Remote builder:

Nix-review will pass all arguments given in --build-arg to nix-build:

$ nixpkgs-review pr --build-args="--builders 'ssh://joerg@10.243.29.170'" 37244

As an alternative one can also specify remote builder as usual in /etc/nix/machines or via the nix.buildMachines nixos options in configuration.nix. This allows to parallelize builds across multiple machines.

Github api token

Some commands (i.e. post-result or merge) require a Github API token, and even for read-only calls github returns 403 error messages if your IP hits the rate limit for unauthenticated calls.

To use a token, first create a personal access token.

Then use either the GITHUB_TOKEN environment variable or the --token parameter of the pr subcommand.

$ GITHUB_TOKEN=5ae04810f1e9f17c3297ee4c9e25f3ac1f437c26 nixpkgs-review pr  37244

Additionally nixpkgs-review will also read the oauth_token stored by hub.

Checkout strategy (recommend for r-ryantm + cachix)

By default nixpkgs-review pr will merge the pull request into the pull request's target branch (most commonly master). However at times mass-rebuilding commits have been applied in the target branch, but not yet build by hydra. Often those are not relevant for the current review, but will significantly increase the local build time. For this case the --checkout option can specified to override the default behavior (merge). By setting its value to commit, nixpkgs-review will checkout the user's pull request branch without merging it:

$ nixpkgs-review pr --checkout commit 44534

Only building a subset of packages

To build only certain packages use the --package (or -p) flag.

$ nixpkgs-review pr -p openjpeg -p ImageMagick 49262

There is also --package-regex option that takes a regular expression to match against the attribute name:

# build only linux kernels but not the packages
$ nixpkgs-review pr --packages-regex 'linux_' 51292

-p and --package-regex can be used together in which case the matching packages will merged.

Running tests

NixOS tests can be run by using the --package feature and our nixosTests attribute set:

$ nixpkgs-review pr -p nixosTests.ferm 47077

Ignoring ofborg evaluations

By default, nixpkgs-review will use ofborg's evaluation result if available to figure out what packages need to be rebuild. This can be turned off using --eval local, which is useful if ofborg's evaluation result is outdated. Even if using --eval ofborg, nixpkgs-review will fallback to local evaluation if ofborg's result is not (yet) available.

Review changes in personal forks

Both the rev and the wip subcommand support a --remote argument to overwrite the upstream repository URL (defaults to https://github.com/NixOS/nixpkgs). The following example will use the mayflower nixpkg's fork to fetch the branch where the changes will be merged into:

nixpkgs-review --remote https://github.com/mayflower/nixpkgs wip

Note that this has been not yet implemented for pull requests i.e. pr subcommand.

Roadmap

[ ] build on multiple platforms
[ ] test backports
[ ] show pull request description + diff during review

Run tests

Just like nixpkgs-review also the tests are lightning fast:

$ python3 -m unittest discover .

We also use python3's type hints. To check them use mypy:

$ mypy nixpkgs_review

Related projects:

nox-review:
- works but is slow as a snail: the checkout process of nox-review is slow since it requires multiple git fetches. Also it cannot make use of ofborg's evaluation
- it only builds all packages without providing a nix-shell for review
niff:
- only provides a list of packages that have changed, but does not build packages
- also needs to evaluate changed attributes locally instead of using ofborg