talexander/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Releases Activity
nixpkgs/pkgs/by-name/de/dependabot-cli/update.sh

49 lines
2.2 KiB
Bash
Executable File
Raw Permalink Blame History

#!/usr/bin/env nix-shell
#!nix-shell -i bash -p curl gnugrep gnused jq gh nix-prefetch-docker nix gitMinimal
set -x -eu -o pipefail
cd $(dirname "${BASH_SOURCE[0]}")
NIXPKGS_PATH="$(git rev-parse --show-toplevel)"
temp_dir=$(mktemp -d)
trap 'rm -rf "$temp_dir"' EXIT
gh api repos/dependabot/cli/releases/latest > "$temp_dir/latest.json"
VERSION="$(jq -r .tag_name "$temp_dir/latest.json" | sed 's/^v//')"
OLD_VERSION="$(grep -m1 'version = "' ./package.nix | cut -d'"' -f2)"
if [ "$OLD_VERSION" = "$VERSION" ]; then
echo "dependabot is already up-to-date at $OLD_VERSION"
exit 0
fi
SHA256="$(nix-prefetch-url --quiet --unpack https://github.com/dependabot/cli/archive/refs/tags/v${VERSION}.tar.gz)"
HASH="$(nix --extra-experimental-features nix-command hash convert --hash-algo sha256 --to sri "$SHA256")"
nix-prefetch-docker --json --quiet --final-image-name dependabot-update-job-proxy --final-image-tag "nixpkgs-dependabot-cli-$VERSION" ghcr.io/github/dependabot-update-job-proxy/dependabot-update-job-proxy latest > "$temp_dir/dependabot-update-job-proxy.json"
nix-prefetch-docker --json --quiet --final-image-name dependabot-updater-github-actions --final-image-tag "nixpkgs-dependabot-cli-$VERSION" ghcr.io/dependabot/dependabot-updater-github-actions latest > "$temp_dir/dependabot-updater-github-actions.json"
setKV () {
sed -i "s,$1 = \"[^v].*\",$1 = \"${2:-}\"," ./package.nix
}
setKV version "${VERSION}"
setKV hash "${HASH}"
setKV updateJobProxy.imageDigest "$(jq -r .imageDigest "$temp_dir/dependabot-update-job-proxy.json")"
setKV updateJobProxy.hash "$(jq -r .hash "$temp_dir/dependabot-update-job-proxy.json")"
setKV updaterGitHubActions.imageDigest "$(jq -r .imageDigest "$temp_dir/dependabot-updater-github-actions.json")"
setKV updaterGitHubActions.hash "$(jq -r .hash "$temp_dir/dependabot-updater-github-actions.json")"
# We need to figure out the vendorHash for this new version, so we initially set it to `lib.fakeHash`
FAKE_HASH="sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
setKV vendorHash "$FAKE_HASH"
set +e
VENDOR_HASH="$(nix-build --no-out-link --log-format internal-json -A dependabot-cli "$NIXPKGS_PATH" 2>&1 >/dev/null | grep "$FAKE_HASH" | grep -o "sha256-[^\\]*" | tail -1)"
set -e
setKV vendorHash "$VENDOR_HASH"
Reference in New Issue View Git Blame Copy Permalink