diff options
Diffstat (limited to 'nixpkgs/pkgs/servers/authelia/update.sh')
-rwxr-xr-x | nixpkgs/pkgs/servers/authelia/update.sh | 91 |
1 files changed, 91 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/servers/authelia/update.sh b/nixpkgs/pkgs/servers/authelia/update.sh new file mode 100755 index 000000000000..17eb997a94c8 --- /dev/null +++ b/nixpkgs/pkgs/servers/authelia/update.sh @@ -0,0 +1,91 @@ +#! /usr/bin/env nix-shell +#! nix-shell -I nixpkgs=./. -i bash -p coreutils gnused curl nix jq nodePackages.npm +set -euo pipefail + +DRV_DIR="$(dirname "${BASH_SOURCE[0]}")" +DRV_DIR=$(realpath "$DRV_DIR") +NIXPKGS_ROOT="$DRV_DIR/../../.." +NIXPKGS_ROOT=$(realpath "$NIXPKGS_ROOT") + +instantiateClean() { + nix-instantiate --eval --strict -E "with import ./. {}; $1" | cut -d\" -f2 +} +fetchNewHash() { + set +eo pipefail + HASH="$(nix-build -A "$1" 2>&1 >/dev/null | grep "got:" | cut -d':' -f2 | sed 's| ||g')" + set -eo pipefail + if [ -z "$HASH" ]; then + echo "Could not generate hash" >&2 + exit 1 + else + echo "$HASH" + fi +} +replace() { + sed -i "s@$1@$2@g" "$3" +} + +grab_version() { + instantiateClean "authelia.version" +} + +# provide a github token so you don't get rate limited +# if you use gh cli you can use: +# `export GITHUB_TOKEN="$(cat ~/.config/gh/config.yml | yq '.hosts."github.com".oauth_token' -r)"` +# or just set your token by hand: +# `read -s -p "Enter your token: " GITHUB_TOKEN; export GITHUB_TOKEN` +# (we use read so it doesn't show in our shell history and in secret mode so the token you paste isn't visible) +if [ -z "${GITHUB_TOKEN:-}" ]; then + echo "no GITHUB_TOKEN provided - you could meet API request limiting" >&2 +fi + +OLD_VERSION=$(instantiateClean "authelia.version") + +LATEST_TAG=$(curl ${GITHUB_TOKEN:+" -u \":$GITHUB_TOKEN\""} --silent https://api.github.com/repos/authelia/authelia/releases/latest | jq -r '.tag_name') +NEW_VERSION=$(echo ${LATEST_TAG} | sed 's/^v//') + +if [[ "$OLD_VERSION" == "$NEW_VERSION" ]]; then + echo "already up to date" + exit +fi + +TMP_HASH="sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" +echo "New version $NEW_VERSION" +replace "$OLD_VERSION" "$NEW_VERSION" "$DRV_DIR/sources.nix" +OLD_SRC_HASH="$(instantiateClean authelia.src.outputHash)" +echo "Old src hash $OLD_SRC_HASH" +replace "$OLD_SRC_HASH" "$TMP_HASH" "$DRV_DIR/sources.nix" +NEW_SRC_HASH="$(fetchNewHash authelia.src)" +echo "New src hash $NEW_SRC_HASH" +replace "$TMP_HASH" "$NEW_SRC_HASH" "$DRV_DIR/sources.nix" + +# after updating src the next focus is the web dependencies +# build package-lock.json since authelia uses pnpm +WEB_DIR=$(mktemp -d) +clean_up() { + rm -rf "$WEB_DIR" +} +trap clean_up EXIT + +OLD_PWD=$PWD +cd $WEB_DIR +OUT=$(nix-build -E "with import $NIXPKGS_ROOT {}; authelia.src" --no-out-link) +cp -r $OUT/web/package.json . +npm install --package-lock-only --legacy-peer-deps --ignore-scripts +mv package-lock.json "$DRV_DIR/" +cd $OLD_PWD + +OLD_NPM_DEPS_HASH="$(instantiateClean authelia.web.npmDepsHash)" +echo "Old npm deps hash $OLD_NPM_DEPS_HASH" +replace "$OLD_NPM_DEPS_HASH" "$TMP_HASH" "$DRV_DIR/sources.nix" +NEW_NPM_DEPS_HASH="$(fetchNewHash authelia.web)" +echo "New npm deps hash $NEW_NPM_DEPS_HASH" +replace "$TMP_HASH" "$NEW_NPM_DEPS_HASH" "$DRV_DIR/sources.nix" +clean_up + +OLD_GO_VENDOR_HASH="$(instantiateClean authelia.vendorHash)" +echo "Old go vendor hash $OLD_GO_VENDOR_HASH" +replace "$OLD_GO_VENDOR_HASH" "$TMP_HASH" "$DRV_DIR/sources.nix" +NEW_GO_VENDOR_HASH="$(fetchNewHash authelia.goModules)" +echo "New go vendor hash $NEW_GO_VENDOR_HASH" +replace "$TMP_HASH" "$NEW_GO_VENDOR_HASH" "$DRV_DIR/sources.nix" |