about summary refs log tree commit diff
path: root/nixpkgs/pkgs/servers/authelia/update.sh
diff options
context:
space:
mode:
Diffstat (limited to 'nixpkgs/pkgs/servers/authelia/update.sh')
-rwxr-xr-xnixpkgs/pkgs/servers/authelia/update.sh91
1 files changed, 91 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/servers/authelia/update.sh b/nixpkgs/pkgs/servers/authelia/update.sh
new file mode 100755
index 000000000000..17eb997a94c8
--- /dev/null
+++ b/nixpkgs/pkgs/servers/authelia/update.sh
@@ -0,0 +1,91 @@
+#! /usr/bin/env nix-shell
+#! nix-shell -I nixpkgs=./. -i bash -p coreutils gnused curl nix jq nodePackages.npm
+set -euo pipefail
+
+DRV_DIR="$(dirname "${BASH_SOURCE[0]}")"
+DRV_DIR=$(realpath "$DRV_DIR")
+NIXPKGS_ROOT="$DRV_DIR/../../.."
+NIXPKGS_ROOT=$(realpath "$NIXPKGS_ROOT")
+
+instantiateClean() {
+    nix-instantiate --eval --strict -E "with import ./. {}; $1" | cut -d\" -f2
+}
+fetchNewHash() {
+    set +eo pipefail
+    HASH="$(nix-build -A "$1" 2>&1 >/dev/null | grep "got:" | cut -d':' -f2 | sed 's| ||g')"
+    set -eo pipefail
+    if [ -z "$HASH" ]; then
+      echo "Could not generate hash" >&2
+      exit 1
+    else
+      echo "$HASH"
+    fi
+}
+replace() {
+    sed -i "s@$1@$2@g" "$3"
+}
+
+grab_version() {
+    instantiateClean "authelia.version"
+}
+
+# provide a github token so you don't get rate limited
+# if you use gh cli you can use:
+#     `export GITHUB_TOKEN="$(cat ~/.config/gh/config.yml | yq '.hosts."github.com".oauth_token' -r)"`
+# or just set your token by hand:
+#     `read -s -p "Enter your token: " GITHUB_TOKEN; export GITHUB_TOKEN`
+#     (we use read so it doesn't show in our shell history and in secret mode so the token you paste isn't visible)
+if [ -z "${GITHUB_TOKEN:-}" ]; then
+    echo "no GITHUB_TOKEN provided - you could meet API request limiting" >&2
+fi
+
+OLD_VERSION=$(instantiateClean "authelia.version")
+
+LATEST_TAG=$(curl ${GITHUB_TOKEN:+" -u \":$GITHUB_TOKEN\""} --silent https://api.github.com/repos/authelia/authelia/releases/latest | jq -r '.tag_name')
+NEW_VERSION=$(echo ${LATEST_TAG} | sed 's/^v//')
+
+if [[ "$OLD_VERSION" == "$NEW_VERSION" ]]; then
+    echo "already up to date"
+    exit
+fi
+
+TMP_HASH="sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
+echo "New version $NEW_VERSION"
+replace "$OLD_VERSION" "$NEW_VERSION" "$DRV_DIR/sources.nix"
+OLD_SRC_HASH="$(instantiateClean authelia.src.outputHash)"
+echo "Old src hash $OLD_SRC_HASH"
+replace "$OLD_SRC_HASH" "$TMP_HASH" "$DRV_DIR/sources.nix"
+NEW_SRC_HASH="$(fetchNewHash authelia.src)"
+echo "New src hash $NEW_SRC_HASH"
+replace "$TMP_HASH" "$NEW_SRC_HASH" "$DRV_DIR/sources.nix"
+
+# after updating src the next focus is the web dependencies
+# build package-lock.json since authelia uses pnpm
+WEB_DIR=$(mktemp -d)
+clean_up() {
+  rm -rf "$WEB_DIR"
+}
+trap clean_up EXIT
+
+OLD_PWD=$PWD
+cd $WEB_DIR
+OUT=$(nix-build -E "with import $NIXPKGS_ROOT {}; authelia.src" --no-out-link)
+cp -r $OUT/web/package.json .
+npm install --package-lock-only --legacy-peer-deps --ignore-scripts
+mv package-lock.json "$DRV_DIR/"
+cd $OLD_PWD
+
+OLD_NPM_DEPS_HASH="$(instantiateClean authelia.web.npmDepsHash)"
+echo "Old npm deps hash $OLD_NPM_DEPS_HASH"
+replace "$OLD_NPM_DEPS_HASH" "$TMP_HASH" "$DRV_DIR/sources.nix"
+NEW_NPM_DEPS_HASH="$(fetchNewHash authelia.web)"
+echo "New npm deps hash $NEW_NPM_DEPS_HASH"
+replace "$TMP_HASH" "$NEW_NPM_DEPS_HASH" "$DRV_DIR/sources.nix"
+clean_up
+
+OLD_GO_VENDOR_HASH="$(instantiateClean authelia.vendorHash)"
+echo "Old go vendor hash $OLD_GO_VENDOR_HASH"
+replace "$OLD_GO_VENDOR_HASH" "$TMP_HASH" "$DRV_DIR/sources.nix"
+NEW_GO_VENDOR_HASH="$(fetchNewHash authelia.goModules)"
+echo "New go vendor hash $NEW_GO_VENDOR_HASH"
+replace "$TMP_HASH" "$NEW_GO_VENDOR_HASH" "$DRV_DIR/sources.nix"
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-06 02:25:51 +0000