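#!/usr/bin/env nix-shell
#!nix-shell -i bash -p curl git gnugrep gnused jq yq-go nurl go
#
# Update script for one rke2 minor release line (attribute rke2_1_<minor>).
#
# Usage: <this script> <minor>      e.g. 26 for the v1.26 channel
#
# Steps, in order:
#   1. Read the newest tag of the v1.<minor> channel from update.rke2.io.
#   2. Prefetch the source tarball of that tag and record its hash.
#   3. Source scripts/version.sh from the unpacked tarball to obtain the
#      component versions.
#   4. Download the release checksum lists and write images-versions.json.
#   5. Write versions.nix, then resolve the Go vendor hash with nurl.
#   6. Re-point rke2_latest / rke2_stable in default.nix when applicable.
#   7. Print the JSON commit description on stdout.
#
# Trust note: the tarball hash is computed from whatever is served at run
# time, and the image checksums are read from checksum lists published in the
# same release as the images. The recorded hashes therefore pin what upstream
# served during this run; they do not authenticate it independently. Review
# the resulting diff before committing.

# `set +o` prints the current option state as `set` commands; it is replayed
# by the `eval` on the last line, so that eval only sees shell-generated text.
SHELL_FLAGS=$(set +o)
set -x -eu -o pipefail

MINOR_VERSION="${1:?Must provide a minor version number, like '26', as the only argument}"
# The value is interpolated into paths, a Nix expression, a yq filter and sed
# replacements further down, so only digits are accepted.
if [[ ! "$MINOR_VERSION" =~ ^[0-9]+$ ]]; then
  echo "Minor version must be numeric, got '${MINOR_VERSION}'." >&2
  exit 1
fi

WORKDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)
# GNU mkdir reports created directories on stdout; stdout is reserved for the
# JSON printed at the end, so send the report to stderr.
mkdir --parents --verbose "${WORKDIR}/1_${MINOR_VERSION}" >&2

NIXPKGS_ROOT="$(git rev-parse --show-toplevel)/"
OLD_VERSION="$(nix-instantiate --eval -E "(import $NIXPKGS_ROOT. {}).rke2_1_${MINOR_VERSION}.version or \"0\"" | tr -d '"')"

RELEASE_CHANNEL_DATA=$(curl -sS --fail https://update.rke2.io/v1-release/channels | yq ".data[]")
LATEST_TAG_NAME=$(yq -p=json "select(.id == \"v1.$MINOR_VERSION\") | .latest" <<<"$RELEASE_CHANNEL_DATA")
LATEST_RELEASE_VERSION=$(yq -p=json 'select(.id == "latest") | .latest' <<<"$RELEASE_CHANNEL_DATA")
STABLE_RELEASE_VERSION=$(yq -p=json 'select(.id == "stable") | .latest' <<<"$RELEASE_CHANNEL_DATA")

# The tag comes from a remote service and is placed into URLs and into the
# generated Nix file. Stop if the channel was not found (empty value) or the
# value contains anything other than plain version characters.
if [[ ! "$LATEST_TAG_NAME" =~ ^v[0-9A-Za-z.+-]+$ ]]; then
  echo "Unexpected tag name for channel v1.${MINOR_VERSION}: '${LATEST_TAG_NAME}'." >&2
  exit 1
fi

# Strip the leading "v" (the check above guarantees it is there).
RKE2_VERSION=${LATEST_TAG_NAME#v}
RKE2_COMMIT=$(curl -sS --fail "https://api.github.com/repos/rancher/rke2/git/refs/tags/${LATEST_TAG_NAME}" | yq '.object.sha')
# A missing field would otherwise be written into versions.nix as-is.
if [[ ! "$RKE2_COMMIT" =~ ^[0-9a-f]{40}$ ]]; then
  echo "Unexpected object id for tag ${LATEST_TAG_NAME}: '${RKE2_COMMIT}'." >&2
  exit 1
fi

# --print-path makes nix-prefetch-url emit two lines: the hash, then the path.
PREFETCH_META=$(nix-prefetch-url --unpack --print-path "https://github.com/rancher/rke2/archive/refs/tags/${LATEST_TAG_NAME}.tar.gz")
STORE_HASH="$(nix --extra-experimental-features nix-command hash to-sri --type sha256 "${PREFETCH_META%%$'\n'*}")"
STORE_PATH="${PREFETCH_META##*$'\n'}"

cd "${STORE_PATH}"
# Used in scripts/version.sh
GITHUB_ACTION_TAG=${LATEST_TAG_NAME}
DRONE_COMMIT=${RKE2_COMMIT}

# NOTE(review): this runs a shell script taken from the tarball downloaded a
# moment ago, inside this shell and with the privileges of whoever runs the
# updater. Nothing above compares the tarball with a previously known hash,
# so run the updater only in an environment where executing upstream release
# content is acceptable.
# `set -u` is lifted around the call, presumably because version.sh reads
# variables that may be unset.
set +u
source scripts/version.sh
set -u

ETCD_BUILD=$(grep "images.DefaultEtcdImage" scripts/build-binary | sed 's/.*-\(build[0-9]*\)$/\1/')
# ETCD_VERSION is not assigned in this script before this point; it is
# expected to come from the sourced version.sh (set -u aborts otherwise).
ETCD_VERSION="${ETCD_VERSION}-${ETCD_BUILD}"
cd "${WORKDIR}"

# Placeholder vendor hash, replaced once nurl has produced the real one.
FAKE_HASH="sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="

# Get sha256sums for amd64 and arm64.
# --fail: without it an HTTP error page would be stored as checksum data.
SHA256_AMD64=$(curl -sS --fail -L "https://github.com/rancher/rke2/releases/download/v${RKE2_VERSION}/sha256sum-amd64.txt")
SHA256_ARM64=$(curl -sS --fail -L "https://github.com/rancher/rke2/releases/download/v${RKE2_VERSION}/sha256sum-arm64.txt")
# Merge both sha256sums in a single variable, one entry per line.
# $'\n' is a real newline; "\n" inside double quotes would stay a literal
# backslash-n and glue the last amd64 entry to the first arm64 entry.
SHA256_SUMS="${SHA256_AMD64}"$'\n'"${SHA256_ARM64}"

# Get a list of images archives that are assets of this release, one entry
# (name and download_url) per line. The jq filter keeps assets by name and
# discards .txt files and legacy image archives
# (e.g. rke2-images.linux-arm64.tar.gz).
IMAGES_ARCHIVES=$(curl -sS --fail "https://api.github.com/repos/rancher/rke2/releases/tags/v${RKE2_VERSION}" |
  jq -r '.assets[] | select(.name | test("^rke2-images-.*\\.tar\\.")) | "\(.name) \(.browser_download_url)"')

# Iterate over all lines of IMAGES_ARCHIVES, pick the appropriate sha256, and
# create a JSON file that can be imported by builder.nix
while read -r name url; do
  # -F: the asset name is data from the API, not a regular expression.
  # A missing entry is reported by the check below instead of by grep's status.
  sha256=$(grep -F -- "$name" <<<"$SHA256_SUMS" | cut -d ' ' -f 1) || true
  # This value becomes the integrity pin for the image archive, so it must be
  # exactly one SHA-256 digest; zero or several matching lines are rejected.
  if [[ ! "$sha256" =~ ^[0-9a-f]{64}$ ]]; then
    echo "Expected exactly one SHA-256 entry for '${name}' in the release checksum lists." >&2
    exit 1
  fi
  # Remove the rke2 prefix and replace all dots in $name with hyphens
  clean_name=$(sed -e "s/^rke2-//" -e "s/\./-/g" <<<"$name")
  jq --null-input --arg name "$clean_name" \
    --arg url "$url" \
    --arg sha256 "$sha256" \
    '{$name: {"url": $url, "sha256": $sha256}}'
done <<<"${IMAGES_ARCHIVES}" | jq --slurp 'reduce .[] as $item ({}; . * $item)' >"${WORKDIR}/1_${MINOR_VERSION}/images-versions.json"

# KUBERNETES_IMAGE_TAG, PAUSE_VERSION, CCM_VERSION and DOCKERIZED_VERSION are
# not assigned in this script; they are expected to come from the sourced
# version.sh, and set -u aborts here if one of them is missing.
cat <<EOF >"${WORKDIR}/1_${MINOR_VERSION}/versions.nix"
{
  rke2Version = "${RKE2_VERSION}";
  rke2Commit = "${RKE2_COMMIT}";
  rke2TarballHash = "${STORE_HASH}";
  rke2VendorHash = "${FAKE_HASH}";
  k8sImageTag = "${KUBERNETES_IMAGE_TAG}";
  etcdVersion = "${ETCD_VERSION}";
  pauseVersion = "${PAUSE_VERSION}";
  ccmVersion = "${CCM_VERSION}";
  dockerizedVersion = "${DOCKERIZED_VERSION}";
  imagesVersions = with builtins; fromJSON (readFile ./images-versions.json);
}
EOF

# versions.nix now carries the placeholder hash; nurl reports the real hash
# of goModules, which then replaces the placeholder.
RKE2_VENDOR_HASH=$(nurl -e "(import $NIXPKGS_ROOT. {}).rke2_1_${MINOR_VERSION}.goModules")
if [[ -n "${RKE2_VENDOR_HASH:-}" ]]; then
  sed -i "s#${FAKE_HASH}#${RKE2_VENDOR_HASH}#g" "${WORKDIR}/1_${MINOR_VERSION}/versions.nix"
else
  # stderr, so the message cannot be mistaken for the JSON expected on stdout.
  echo "Update failed. 'RKE2_VENDOR_HASH' is empty." >&2
  exit 1
fi

FILES_CHANGED=("${WORKDIR}/1_${MINOR_VERSION}/versions.nix")
# Because of the elif, only rke2_latest is re-pointed when the "latest" and
# "stable" channels name the same tag.
if [[ "$LATEST_TAG_NAME" == "$LATEST_RELEASE_VERSION" ]]; then
  sed -ri "s#^(\s*)rke2_latest = .*;\$#\1rke2_latest = rke2_1_${MINOR_VERSION};#" "${WORKDIR}/default.nix"
  FILES_CHANGED+=("${WORKDIR}/default.nix")
elif [[ "$LATEST_TAG_NAME" == "$STABLE_RELEASE_VERSION" ]]; then
  sed -ri "s#^(\s*)rke2_stable = .*;\$#\1rke2_stable = rke2_1_${MINOR_VERSION};#" "${WORKDIR}/default.nix"
  FILES_CHANGED+=("${WORKDIR}/default.nix")
fi

# Implement commit
# See: https://nixos.org/manual/nixpkgs/stable/#var-passthru-updateScript-commit
# The values reach yq through the environment (strenv/env) rather than being
# spliced into the filter text.
attr_path="rke2_1_${MINOR_VERSION}" \
  old_version="${OLD_VERSION}" \
  new_version="${RKE2_VERSION}" \
  files="[$(printf '"%s",' "${FILES_CHANGED[@]}")]" \
  yq --null-input -o=json '[{"attrPath": strenv(attr_path), "oldVersion": strenv(old_version), "newVersion": strenv(new_version), "files": env(files)}]'

set +x
eval "$SHELL_FLAGS"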