diff --git a/nix/docker/heptapod/default.nix b/nix/docker/heptapod/default.nix index 5ffd06c7b8..963e16c6a9 100644 --- a/nix/docker/heptapod/default.nix +++ b/nix/docker/heptapod/default.nix @@ -4,13 +4,7 @@ { pkgs, ... }: let - origImageArgs = { - imageName = "octobus/heptapod"; - imageDigest = "sha256:af6a7f47a15410c521a0d620377b98fa6f5715d6f091ea39d7e332146d20786c"; - sha256 = "sha256:1gdi9q02g2a5y2vmpxray4l8rq3yapqpdbg0fg7xxk9f99ysng7j"; - finalImageName = "octobus/heptapod"; - finalImageTag = "0.30.1"; - }; + origImageArgs = builtins.fromJSON (builtins.readFile ./image.json); origImage = pkgs.dockerTools.pullImage origImageArgs; name = origImageArgs.imageName; @@ -45,5 +39,5 @@ in pkgs.dockerTools.buildImage rec { ''; config.Cmd = ["/assets/wrapper_wrapper"]; } // { - meta = { inherit name tag; }; + meta = { inherit name tag origImage; }; } diff --git a/nix/docker/heptapod/image.json b/nix/docker/heptapod/image.json new file mode 100644 index 0000000000..61cd890913 --- /dev/null +++ b/nix/docker/heptapod/image.json @@ -0,0 +1,7 @@ +{ + "imageName": "octobus/heptapod", + "imageDigest": "sha256:af6a7f47a15410c521a0d620377b98fa6f5715d6f091ea39d7e332146d20786c", + "sha256": "1gdi9q02g2a5y2vmpxray4l8rq3yapqpdbg0fg7xxk9f99ysng7j", + "finalImageName": "octobus/heptapod", + "finalImageTag": "0.30.1" +} diff --git a/nix/docker/heptapod/update.sh b/nix/docker/heptapod/update.sh new file mode 100755 index 0000000000..2d8dd64cc5 --- /dev/null +++ b/nix/docker/heptapod/update.sh 
@@ -0,0 +1,38 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -p go-containerregistry.crane -p jq -i bash
+
+set -euo pipefail
+
+repo="index.docker.io/octobus/heptapod"
+path="nix.docker.heptapod"
+depot="$(pwd | grep -o '.*/depot')"
+
+latest_digest="$(crane digest "$repo:latest")"
+current_digest="$(jq -r .imageDigest image.json)"
+
+if [[ "$latest_digest" == "$current_digest" ]]; then
+ echo already up to date
+ exit 0
+fi
+
+crane ls "$repo" | grep -E '^([0-9]+\.)+[0-9]+$' | sort -rV | while read -r tag; do
+ tag_digest="$(crane digest "$repo:$tag")"
+ if [[ "$tag_digest" == "$latest_digest" ]]; then
+ echo "$tag $tag_digest"
+
+ mv image.json image.orig.json
+ jq ".finalImageTag = \"$tag\" | .imageDigest = \"$tag_digest\" | .sha256 = \"sha256:0000000000000000000000000000000000000000000000000000\"" image.orig.json > image.json
+
+ nix-build "$depot" --no-out-link -A "$path.meta.origImage" 2>"image.fetchlog" >/dev/null || true
+ new_hash=$(sed '1,/hash mismatch in fixed-output derivation/d' "image.fetchlog" | grep --perl-regexp --only-matching 'got: +.+[:-]\K.+' | head -n +1)
+ if [[ -z "$new_hash" ]]; then
+ echo "Couldn't figure out new hash"
+ exit 1
+ fi
+
+ jq ".finalImageTag = \"$tag\" | .imageDigest = \"$tag_digest\" | .sha256 = \"$new_hash\"" image.orig.json > image.json
+ rm image.fetchlog image.orig.json
+ break
+ fi
+done
+exit $?
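Review bot: A failed hash extraction leaves `image.json` rewritten with the all-zero placeholder and `image.orig.json` beside it, because the error branch in the `while` loop exits without restoring the original. Under `set -euo pipefail` a `grep` that matches nothing most likely fails the `new_hash=$(…)` assignment itself, so the loop's subshell stops before the `-z` test and its message are reached; appending `|| true` inside that substitution and putting `mv image.orig.json image.json` before `exit 1` would cover both. The two `jq` calls splice `$tag_digest` and `$new_hash` (registry output and build-log text) into the filter string; passing them as data, `jq --arg tag "$tag" --arg digest "$tag_digest" --arg hash "$new_hash" '.finalImageTag = $tag | .imageDigest = $digest | .sha256 = $hash'`, keeps a stray quote from changing the program. If no version tag shares the `latest` digest, the loop ends without a match and the script exits 0 without updating anything, which deserves a message and a non-zero status.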