pkgs/by-name/de/dependabot-cli/update.sh at devShellTools-shell · tjh.dev/nixpkgs

tjh.dev / nixpkgs

Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)

nixpkgs / pkgs / by-name / de / dependabot-cli / update.sh

at devShellTools-shell 2.3 kB view raw

 1#!/usr/bin/env nix-shell
 2#!nix-shell -i bash -p curl gnugrep gnused jq gh nix-prefetch-docker nix gitMinimal
 3
 4set -x -eu -o pipefail
 5
 6cd $(dirname "${BASH_SOURCE[0]}")
 7
 8NIXPKGS_PATH="$(git rev-parse --show-toplevel)"
 9
10temp_dir=$(mktemp -d)
11trap 'rm -rf "$temp_dir"' EXIT
12
13gh api repos/dependabot/cli/releases/latest > "$temp_dir/latest.json"
14
15VERSION="$(jq -r .tag_name "$temp_dir/latest.json" | sed 's/^v//')"
16OLD_VERSION="$(grep -m1 'version = "' ./package.nix | cut -d'"' -f2)"
17
18if [ "$OLD_VERSION" = "$VERSION" ]; then
19  echo "dependabot is already up-to-date at $OLD_VERSION"
20  exit 0
21fi
22
23SHA256="$(nix-prefetch-url --quiet --unpack https://github.com/dependabot/cli/archive/refs/tags/v${VERSION}.tar.gz)"
24HASH="$(nix --extra-experimental-features nix-command hash convert --hash-algo sha256 --to sri "$SHA256")"
25
26nix-prefetch-docker --json --quiet --final-image-name dependabot-update-job-proxy --final-image-tag "nixpkgs-dependabot-cli-$VERSION" ghcr.io/github/dependabot-update-job-proxy/dependabot-update-job-proxy latest > "$temp_dir/dependabot-update-job-proxy.json"
27
28nix-prefetch-docker --json --quiet --final-image-name dependabot-updater-github-actions --final-image-tag "nixpkgs-dependabot-cli-$VERSION" ghcr.io/dependabot/dependabot-updater-github-actions latest > "$temp_dir/dependabot-updater-github-actions.json"
29
30setKV () {
31    sed -i "s,$1 = \"[^v].*\",$1 = \"${2:-}\"," ./package.nix
32}
33
34setKV version "${VERSION}"
35setKV hash "${HASH}"
36setKV updateJobProxy.imageDigest "$(jq -r .imageDigest "$temp_dir/dependabot-update-job-proxy.json")"
37setKV updateJobProxy.hash "$(jq -r .hash "$temp_dir/dependabot-update-job-proxy.json")"
38setKV updaterGitHubActions.imageDigest "$(jq -r .imageDigest "$temp_dir/dependabot-updater-github-actions.json")"
39setKV updaterGitHubActions.hash "$(jq -r .hash "$temp_dir/dependabot-updater-github-actions.json")"
40
41# We need to figure out the vendorHash for this new version, so we initially set it to `lib.fakeHash`
42FAKE_HASH="sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
43setKV vendorHash "$FAKE_HASH"
44
45set +e
46VENDOR_HASH="$(nix-build --no-out-link --log-format internal-json -A dependabot-cli "$NIXPKGS_PATH" 2>&1 >/dev/null | grep "$FAKE_HASH" | grep -o "sha256-[^\\]*" | tail -1)"
47set -e
48setKV vendorHash "$VENDOR_HASH"