pyrox.dev / nixpkgs
lol
fork atom

vaultwarden: fix update-script

K900 d4c81f85 e2898bc4

+17 -14
+17 -14
pkgs/tools/security/vaultwarden/update.nix
··· 1 - { writeShellScript 1 + { writeShellApplication 2 2 , lib 3 3 , nix 4 4 , nix-prefetch-git ··· 8 8 , gnugrep 9 9 , gnused 10 10 , jq 11 + , yq 11 12 }: 12 13 13 - writeShellScript "update-vaultwarden" '' 14 - PATH=${lib.makeBinPath [ curl git gnugrep gnused jq nix nix-prefetch-git nix-update ]} 14 + lib.getExe (writeShellApplication { 15 + name = "update-vaultwarden"; 16 + runtimeInputs = [ curl git gnugrep gnused jq yq nix nix-prefetch-git nix-update ]; 15 17 16 - set -euxo pipefail 18 + text = '' 19 + VAULTWARDEN_VERSION=$(curl --silent https://api.github.com/repos/dani-garcia/vaultwarden/releases/latest | jq -r '.tag_name') 20 + nix-update "vaultwarden" --version "$VAULTWARDEN_VERSION" 17 21 18 - VAULTWARDEN_VERSION=$(curl --silent https://api.github.com/repos/dani-garcia/vaultwarden/releases/latest | jq -r '.tag_name') 19 - nix-update "vaultwarden" --version "$VAULTWARDEN_VERSION" 20 - 21 - URL="https://raw.githubusercontent.com/dani-garcia/vaultwarden/''${VAULTWARDEN_VERSION}/docker/Dockerfile.j2" 22 - WEBVAULT_VERSION=$(curl --silent "$URL" | grep "set vault_version" | sed -E "s/.*\"v([^\"]+)\".*/\\1/") 23 - old_hash=$(nix --extra-experimental-features nix-command eval -f default.nix --raw vaultwarden.webvault.bw_web_builds.outputHash) 24 - new_hash=$(nix --extra-experimental-features nix-command hash to-sri --type sha256 $(nix-prefetch-git https://github.com/dani-garcia/bw_web_builds.git --rev "v$WEBVAULT_VERSION" | jq --raw-output ".sha256")) 25 - sed -e "s#$old_hash#$new_hash#" -i pkgs/tools/security/vaultwarden/webvault.nix 26 - nix-update "vaultwarden.webvault" --version "$WEBVAULT_VERSION" 27 - '' 22 + URL="https://raw.githubusercontent.com/dani-garcia/vaultwarden/''${VAULTWARDEN_VERSION}/docker/DockerSettings.yaml" 23 + WEBVAULT_VERSION="$(curl --silent "$URL" | yq -r ".vault_version" | sed s/^v//)" 24 + old_hash="$(nix --extra-experimental-features nix-command eval -f default.nix --raw vaultwarden.webvault.bw_web_builds.outputHash)" 25 + new_hash="$(nix-prefetch-git https://github.com/dani-garcia/bw_web_builds.git --rev "v$WEBVAULT_VERSION" | jq --raw-output ".sha256")" 26 + new_hash_sri="$(nix --extra-experimental-features nix-command hash to-sri --type sha256 "$new_hash")" 27 + sed -e "s#$old_hash#$new_hash_sri#" -i pkgs/tools/security/vaultwarden/webvault.nix 28 + nix-update "vaultwarden.webvault" --version "$WEBVAULT_VERSION" 29 + ''; 30 + })