Interesting CI failure for nixpkgs-vet:

building '/nix/store/c597vvqnp1c9d00p38pxp0gpax7jr3ax-nixpkgs-vet.drv'...
error: SQLite database '/build/tmp.ZkNPukokVI/db/db.sqlite' is busy
- Nix evaluation failed for some package in `pkgs/by-name`, see error above
This PR introduces the problems listed above. Please fix them before merging, otherwise the base branch would break.

I wonder.. whether that appears in the same case that the "symlink creation errors" have appeared in before...

It'd also be great to get @infinisil's ack. Especially w.r.t. #435596 (comment).

Well, specifically for the comment, I only proposed the change, so far, but didn't implement it, yet. So that shouldn't block merging this. But I agree, it would be good if you, @infinisil, could have a quick look at the general approach for "is this the right branch?" verification here, having spent time on that topic more than enough yourself.

Improved wording based on the resolved comments.

Something doesn't work well, yet: That's PRs for staging/haskell-updates.

Example: #429810

Doing this locally: ./run prepare NixOS nixpkgs 429810, I get:

This PR is for NixOS unstable.
The base branches for this PR are:
github: staging
candidates: haskell-updates
best candidate: haskell-updates
no pending review found
The PR's base branch is set to `staging`, but 136 commits from the `haskell-updates` branch are included. Make sure you know the [right base branch for your changes](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md#branch-conventions), then:
- If the changes should go to the `haskell-updates` branch, [change the base branch](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-base-branch-of-a-pull-request).
- If the changes should go to the `staging` branch, rebase your PR onto the correct merge-base:
  ```bash
  # git rebase --onto $(git merge-base upstream/staging HEAD) $(git merge-base upstream/haskell-updates HEAD)
  git rebase --onto ce24ba99aa6bd01007c0eb16a2f8140b2fa69b3a 699736ec2896277f6532e1e3e961adb968f613a0
  git push --force-with-lease
  ```

Error: The PR contains commits from a different base.

Surprise... the haskell-updates branch includes commits from ... haskell-updates, so haskell-updates itself would be a better target :D

I added an if (headClassification.type.includes('wip')) - only if that's the case, we will do all the "best merge-base" checks. If the head ref is a development branch, then we're merging between these branches and can't sensibly make such a check. Also, it's not required, because these can't be force pushed to anyway, so there is no way to change anything about it.

Surprise... the haskell-updates branch includes commits from ... haskell-updates, so haskell-updates itself would be a better target :D

Could we exclude the head_ref if the PR's repo owner is the same as the workflow's repo owner (i.e. not a PR from a fork)?

That way you would never attempt to match a branch against itself.

Could we exclude the head_ref if the PR's repo owner is the same as the workflow's repo owner (i.e. not a PR from a fork)?

No, that won't be enough. I tried this at first, but this would still break on staging-next, which includes commits from staging, but merges into master. For that case, the script would still suggest staging as the best fit.

I found no other way than to say "if merging between development branches, don't check", which is what I implemented as "only check if the head branch is WIP". Note that every branch that is not a development or channel branch is a WIP branch. That includes not only the wip- prefixed branches, but also all other branches in the nixpkgs repo (revert-, backport-, all those branches without special meaning, e.g python-updates now), but also all branches from forks (no matter the name).

I tested this against a wide variety of different PRs now, targeting different branches etc. - one more thing that doesn't work, yet: A PR targeting r-updates, currently results in:

The PR's base branch is set to `r-updates`, but -22 commits from the `master` branch are included. Make sure you know the [right base branch for your changes](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md#branch-conventions), then:
- If the changes should go to the `master` branch, [change the base branch](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-base-branch-of-a-pull-request).
- If the changes should go to the `r-updates` branch, rebase your PR onto the correct merge-base:
  ```bash
  # git rebase --onto $(git merge-base upstream/r-updates HEAD) $(git merge-base upstream/master HEAD)
  git rebase --onto 06f1f61845fbba5f37167c392fba79a65614c53e 626516d1eb4a0acea3eae889f40c7ae6a8445a6b
  git push --force-with-lease
  ```

That's minus 22 commits, interesting :D

The solution to this is to always include the current target branch in the set of branches to check as well. Once I do that, the script will return r-updates as the best match as expected.

Tested again against all these different branches - this seems to work well now.

Successfully created backport PR for release-25.05:

• [Backport release-25.05] ci/github-script/prepare: identify real base branch #436758