# CI support files

This directory contains files to support CI, such as [GitHub Actions](https://github.com/NixOS/nixpkgs/tree/master/.github/workflows) and [Ofborg](https://github.com/nixos/ofborg).
This is in contrast with [`maintainers/scripts`](../maintainers/scripts) which is for human use instead.

## Pinned Nixpkgs

CI may need certain packages from Nixpkgs.
In order to ensure that the needed packages are generally available without building,
[`pinned.json`](./pinned.json) contains a pinned Nixpkgs version tested by Hydra.

Run [`update-pinned.sh`](./update-pinned.sh) to update it.

## `ci/nixpkgs-vet.sh BASE_BRANCH [REPOSITORY]`

Runs the [`nixpkgs-vet` tool](https://github.com/NixOS/nixpkgs-vet) on the HEAD commit, closely matching what CI does.
It can't do exactly the same as CI, because CI needs to rely on GitHub's server-side Git history to compute the mergeability of PRs before the check can be started.
Contributors running this tool locally, in turn, should not have to push commits in order to test them, and the local Git history can be relied on to do the mergeability check.

Arguments:

- `BASE_BRANCH`: The base branch to use, e.g. `master` or `release-24.05`.
- `REPOSITORY`: The repository from which to fetch the base branch. Defaults to <https://github.com/NixOS/nixpkgs.git>.
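
The local mergeability check described above can be sketched as follows. This is an added example, not the contents of `ci/nixpkgs-vet.sh`: the function name `check_mergeable`, its return codes and the throwaway-worktree approach are assumptions, and it expects the base ref to already exist in the local repository.

```bash
# Added example, not the contents of ci/nixpkgs-vet.sh.
# check_mergeable is a hypothetical helper: it test-merges HEAD into BASE_REF
# using only refs already present in the local repository.
# Returns 0 = merges cleanly, 1 = trial merge failed (conflicts),
#         2 = bad ref or setup failure.
check_mergeable() {
  local base_ref=$1 head tmp status=0

  head=$(git rev-parse --verify -q HEAD) || return 2
  git rev-parse --verify -q "${base_ref}^{commit}" >/dev/null || return 2

  tmp=$(mktemp -d) || return 2
  # Detached throwaway worktree at the base, so the contributor's own
  # checkout, index and branches are never modified.
  if ! git worktree add --detach "$tmp/merged" "$base_ref" >/dev/null 2>&1; then
    rm -rf "$tmp"
    return 2
  fi

  # Trial merge only: --no-commit leaves no merge commit behind.
  if ! git -C "$tmp/merged" merge --no-commit --no-ff "$head" >/dev/null 2>&1; then
    status=1
  fi

  # Clean up the worktree even if the merge stopped half-way.
  git worktree remove --force "$tmp/merged" >/dev/null 2>&1
  git worktree prune
  rm -rf "$tmp"
  return "$status"
}
```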
