pkgs/development/compilers/dotnet/update.nix at 24.05-beta

tjh.dev / nixpkgs
fork atom
nixpkgs mirror (for testing) github.com/NixOS/nixpkgs
nix
fork atom
nixpkgs / pkgs / development / compilers / dotnet / update.nix
at 24.05-beta 125 lines 3.4 kB view raw
wrap content
  1{ stdenvNoCC
  2, lib
  3, fetchurl
  4, writeScript
  5, nix
  6, runtimeShell
  7, curl
  8, cacert
  9, jq
 10, yq
 11, gnupg
 12
 13, releaseManifestFile
 14, releaseInfoFile
 15, allowPrerelease
 16}:
 17
 18let
 19  inherit (lib.importJSON releaseManifestFile) channel release;
 20
 21  pkg = stdenvNoCC.mkDerivation {
 22    name = "update-dotnet-vmr-env";
 23
 24    nativeBuildInputs = [
 25      nix
 26      curl
 27      cacert
 28      jq
 29      yq
 30      gnupg
 31    ];
 32  };
 33
 34  releaseKey = fetchurl {
 35    url = "https://dotnet.microsoft.com/download/dotnet/release-key-2023.asc";
 36    hash = "sha256-F668QB55md0GQvoG0jeA66Fb2RbrsRhFTzTbXIX3GUo=";
 37  };
 38
 39  drv = builtins.unsafeDiscardOutputDependency pkg.drvPath;
 40
 41in writeScript "update-dotnet-vmr.sh" ''
 42  #! ${nix}/bin/nix-shell
 43  #! nix-shell -i ${runtimeShell} --pure ${drv}
 44  set -euo pipefail
 45
 46  query=$(cat <<EOF
 47      map(
 48          select(
 49              ${lib.optionalString (!allowPrerelease) ".prerelease == false and"}
 50              .draft == false and
 51              (.name | startswith(".NET ${channel}")))) |
 52      first | (
 53          .tag_name,
 54          (.assets |
 55              .[] |
 56              select(.name == "release.json") |
 57              .browser_download_url),
 58          (.assets |
 59              .[] |
 60              select(.name | endswith(".tar.gz.sig")) |
 61              .browser_download_url))
 62  EOF
 63  )
 64
 65  (
 66      curl -fsL https://api.github.com/repos/dotnet/dotnet/releases | \
 67      jq -r "$query" \
 68  ) | (
 69      read tagName
 70      read releaseUrl
 71      read sigUrl
 72
 73      tmp="$(mktemp -d)"
 74      trap 'rm -rf "$tmp"' EXIT
 75
 76      cd "$tmp"
 77
 78      curl -fsL "$releaseUrl" -o release.json
 79      release=$(jq -r .release release.json)
 80
 81      if [[ "$release" == "${release}" ]]; then
 82          >&2 echo "release is already $release"
 83          exit
 84      fi
 85
 86      tarballUrl=https://github.com/dotnet/dotnet/archive/refs/tags/$tagName.tar.gz
 87
 88      mapfile -t prefetch < <(nix-prefetch-url --print-path "$tarballUrl")
 89      tarballHash=$(nix-hash --to-sri --type sha256 "''${prefetch[0]}")
 90      tarball=''${prefetch[1]}
 91
 92      curl -L "$sigUrl" -o release.sig
 93
 94      export GNUPGHOME=$PWD/.gnupg
 95      gpg --batch --import ${releaseKey}
 96      gpg --batch --verify release.sig "$tarball"
 97
 98      tar --strip-components=1 --no-wildcards-match-slash --wildcards -xzf "$tarball" \*/eng/Versions.props
 99      artifactsVersion=$(xq -r '.Project.PropertyGroup |
100          map(select(.PrivateSourceBuiltArtifactsVersion))
101          | .[] | .PrivateSourceBuiltArtifactsVersion' eng/Versions.props)
102
103      if [[ "$artifactsVersion" != "" ]]; then
104          artifactsUrl=https://dotnetcli.azureedge.net/source-built-artifacts/assets/Private.SourceBuilt.Artifacts.$artifactsVersion.centos.8-x64.tar.gz
105      else
106          artifactsUrl=$(xq -r '.Project.PropertyGroup |
107              map(select(.PrivateSourceBuiltArtifactsUrl))
108              | .[] | .PrivateSourceBuiltArtifactsUrl' eng/Versions.props)
109      fi
110
111      artifactsHash=$(nix-hash --to-sri --type sha256 "$(nix-prefetch-url "$artifactsUrl")")
112
113      jq --null-input \
114          --arg _0 "$tarballHash" \
115          --arg _1 "$artifactsUrl" \
116          --arg _2 "$artifactsHash" \
117          '{
118              "tarballHash": $_0,
119              "artifactsUrl": $_1,
120              "artifactsHash": $_2,
121          }' > "${toString releaseInfoFile}"
122
123      cp release.json "${toString releaseManifestFile}"
124  )
125''