tjh.dev / nixpkgs
nixpkgs mirror (for testing) github.com/NixOS/nixpkgs
nix
fork atom
nixpkgs / pkgs / applications / networking / cluster / k3s / update-script.sh
at devShellTools-shell 143 lines 6.0 kB view raw
1#!/usr/bin/env nix-shell 2#!nix-shell -i bash -p curl git gnugrep gnused go jq nurl yq-go 3 4set -x -eu -o pipefail 5 6MINOR_VERSION="${1:?Must provide a minor version number, like '26', as the only argument}" 7 8WORKDIR=$(mktemp -d) 9trap "rm -rf ${WORKDIR}" EXIT 10 11NIXPKGS_ROOT="$(git rev-parse --show-toplevel)"/ 12NIXPKGS_K3S_PATH=$(cd $(dirname ${BASH_SOURCE[0]}); pwd -P)/ 13OLD_VERSION="$(nix-instantiate --eval -E "with import $NIXPKGS_ROOT. {}; k3s_1_${MINOR_VERSION}.version or (builtins.parseDrvName k3s_1_${MINOR_VERSION}.name).version" | tr -d '"')" 14 15LATEST_TAG_RAWFILE=${WORKDIR}/latest_tag.json 16curl --silent -f ${GITHUB_TOKEN:+-u ":$GITHUB_TOKEN"} \ 17 https://api.github.com/repos/k3s-io/k3s/releases > ${LATEST_TAG_RAWFILE} 18 19LATEST_TAG_NAME=$(cat ${LATEST_TAG_RAWFILE} | \ 20 jq -r 'map(select(.prerelease == false))' | \ 21 jq 'map(.tag_name)' | \ 22 grep -v -e rc -e engine | tail -n +2 | head -n -1 | sed 's|[", ]||g' | sort -rV | grep -E "^v1\.${MINOR_VERSION}\." | head -n1) 23 24K3S_VERSION=$(echo ${LATEST_TAG_NAME} | sed 's/^v//') 25 26K3S_COMMIT=$(curl --silent -f ${GITHUB_TOKEN:+-u ":$GITHUB_TOKEN"} \ 27 https://api.github.com/repos/k3s-io/k3s/git/refs/tags \ 28 | jq -r "map(select(.ref == \"refs/tags/${LATEST_TAG_NAME}\")) | .[0] | .object.sha") 29 30PREFETCH_META=$(nix-prefetch-url --unpack --print-path https://github.com/k3s-io/k3s/archive/refs/tags/${LATEST_TAG_NAME}.tar.gz) 31K3S_STORE_PATH=${PREFETCH_META#*$'\n'} 32K3S_REPO_SHA256=${PREFETCH_META%$'\n'*} 33 34cd "$K3S_STORE_PATH" 35# Set the DRONE variables as they are expected to be set in version.sh 36DRONE_TAG="$LATEST_TAG_NAME" 37DRONE_COMMIT="$K3S_COMMIT" 38NO_DAPPER="" # Source git_version.sh in scripts/version.sh#L8 39source "${K3S_STORE_PATH}/scripts/version.sh" 40 41K3S_ROOT_SHA256=$(nix-prefetch-url --quiet --unpack \ 42 "https://github.com/k3s-io/k3s-root/releases/download/${VERSION_ROOT}/k3s-root-amd64.tar") 43CNIPLUGINS_SHA256=$(nix-prefetch-url --quiet --unpack \ 44 "https://github.com/rancher/plugins/archive/refs/tags/${VERSION_CNIPLUGINS}.tar.gz") 45CONTAINERD_SHA256=$(nix-prefetch-url --quiet --unpack \ 46 "https://github.com/k3s-io/containerd/archive/refs/tags/${VERSION_CONTAINERD}.tar.gz") 47 48CHART_FILES=( $(yq eval --no-doc .spec.chart "${K3S_STORE_PATH}/manifests/traefik.yaml" | xargs -n1 basename) ) 49# These files are: 50# 1. traefik-crd-20.3.1+up20.3.0.tgz 51# 2. traefik-20.3.1+up20.3.0.tgz 52# at the time of writing 53 54if [[ "${#CHART_FILES[@]}" != "2" ]]; then 55 echo "New manifest charts added, the packaging scripts will need to be updated: ${CHART_FILES}" 56 exit 1 57fi 58 59cd "${NIXPKGS_K3S_PATH}/1_${MINOR_VERSION}" 60 61CHARTS_URL=https://k3s.io/k3s-charts/assets 62# Get metadata for both files 63rm -f chart-versions.nix.update 64cat > chart-versions.nix.update <<EOF 65{ 66 traefik-crd = { 67 url = "${CHARTS_URL}/traefik-crd/${CHART_FILES[0]}"; 68 sha256 = "$(nix-prefetch-url --quiet "${CHARTS_URL}/traefik-crd/${CHART_FILES[0]}")"; 69 }; 70 traefik = { 71 url = "${CHARTS_URL}/traefik/${CHART_FILES[1]}"; 72 sha256 = "$(nix-prefetch-url --quiet "${CHARTS_URL}/traefik/${CHART_FILES[1]}")"; 73 }; 74} 75EOF 76mv chart-versions.nix.update chart-versions.nix 77 78# Concatenate all sha256sums, one entry per line 79SHA256_HASHES="$(curl -L "https://github.com/k3s-io/k3s/releases/download/v${K3S_VERSION}/sha256sum-amd64.txt") 80 \n$(curl -L "https://github.com/k3s-io/k3s/releases/download/v${K3S_VERSION}/sha256sum-arm64.txt") 81 \n$(curl -L "https://github.com/k3s-io/k3s/releases/download/v${K3S_VERSION}/sha256sum-arm.txt")" 82 83# Get all airgap images files associated with this release 84IMAGES_ARCHIVES=$(curl "https://api.github.com/repos/k3s-io/k3s/releases/tags/v${K3S_VERSION}" | \ 85 # Filter the assets so that only zstd archives and text files that have "images" in their name remain 86 jq -r '.assets[] | select(.name | contains("images")) | 87 select(.content_type == "application/zstd" or .content_type == "text/plain; charset=utf-8") | 88 "\(.name) \(.browser_download_url)"') 89 90# Create a JSON object for each airgap images file and prefetch all download URLs in the process 91# Combine all JSON objects and write the result to images-versions.json 92while read -r name url; do 93 # Pick the right hash based on the name 94 sha256=$(grep "$name" <<< "$SHA256_HASHES" | cut -d ' ' -f 1) 95 # Remove the k3s- prefix and file endings 96 clean_name=$(sed -e 's/^k3s-//' -e 's/\.tar\.zst//' -e 's/\.txt/-list/' <<< "$name") 97 jq --null-input --arg name "$clean_name" \ 98 --arg url "$url" \ 99 --arg sha256 "$sha256" \ 100 '{$name: {"url": $url, "sha256": $sha256}}' 101done <<<"${IMAGES_ARCHIVES}" | jq --slurp 'reduce .[] as $item ({}; . * $item)' > images-versions.json 102 103FAKE_HASH="sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="; 104 105cat >versions.nix <<EOF 106{ 107 k3sVersion = "${K3S_VERSION}"; 108 k3sCommit = "${K3S_COMMIT}"; 109 k3sRepoSha256 = "${K3S_REPO_SHA256}"; 110 k3sVendorHash = "${FAKE_HASH}"; 111 chartVersions = import ./chart-versions.nix; 112 imagesVersions = builtins.fromJSON (builtins.readFile ./images-versions.json); 113 k3sRootVersion = "${VERSION_ROOT:1}"; 114 k3sRootSha256 = "${K3S_ROOT_SHA256}"; 115 k3sCNIVersion = "${VERSION_CNIPLUGINS:1}"; 116 k3sCNISha256 = "${CNIPLUGINS_SHA256}"; 117 containerdVersion = "${VERSION_CONTAINERD:1}"; 118 containerdSha256 = "${CONTAINERD_SHA256}"; 119 criCtlVersion = "${VERSION_CRICTL:1}"; 120} 121EOF 122 123set +e 124K3S_VENDOR_HASH=$(nurl -e "(import ${NIXPKGS_ROOT}. {}).k3s_1_${MINOR_VERSION}.goModules") 125set -e 126 127if [ -n "${K3S_VENDOR_HASH:-}" ]; then 128 sed -i "s|${FAKE_HASH}|${K3S_VENDOR_HASH}|g" ./versions.nix 129else 130 echo "Update failed. K3S_VENDOR_HASH is empty." 131 exit 1 132fi 133 134# Implement commit 135# See https://nixos.org/manual/nixpkgs/stable/#var-passthru-updateScript-commit 136cat <<EOF 137[{ 138 "attrPath": "k3s_1_${MINOR_VERSION}", 139 "oldVersion": "$OLD_VERSION", 140 "newVersion": "$K3S_VERSION", 141 "files": ["$PWD/versions.nix","$PWD/chart-versions.nix","$PWD/images-versions.json"] 142}] 143EOF