nix/docker/heptapod: add update script for image

This commit is contained in:
Luke Granger-Brown 2022-04-09 20:17:32 +01:00
parent e1ede118d1
commit 675b65b5da
3 changed files with 47 additions and 8 deletions

View file

@ -4,13 +4,7 @@
{ pkgs, ... }: { pkgs, ... }:
let let
origImageArgs = { origImageArgs = builtins.fromJSON (builtins.readFile ./image.json);
imageName = "octobus/heptapod";
imageDigest = "sha256:af6a7f47a15410c521a0d620377b98fa6f5715d6f091ea39d7e332146d20786c";
sha256 = "sha256:1gdi9q02g2a5y2vmpxray4l8rq3yapqpdbg0fg7xxk9f99ysng7j";
finalImageName = "octobus/heptapod";
finalImageTag = "0.30.1";
};
origImage = pkgs.dockerTools.pullImage origImageArgs; origImage = pkgs.dockerTools.pullImage origImageArgs;
name = origImageArgs.imageName; name = origImageArgs.imageName;
@ -45,5 +39,5 @@ in pkgs.dockerTools.buildImage rec {
''; '';
config.Cmd = ["/assets/wrapper_wrapper"]; config.Cmd = ["/assets/wrapper_wrapper"];
} // { } // {
meta = { inherit name tag; }; meta = { inherit name tag origImage; };
} }

View file

@ -0,0 +1,7 @@
{
"imageName": "octobus/heptapod",
"imageDigest": "sha256:af6a7f47a15410c521a0d620377b98fa6f5715d6f091ea39d7e332146d20786c",
"sha256": "1gdi9q02g2a5y2vmpxray4l8rq3yapqpdbg0fg7xxk9f99ysng7j",
"finalImageName": "octobus/heptapod",
"finalImageTag": "0.30.1"
}

38
nix/docker/heptapod/update.sh Executable file
View file

@ -0,0 +1,38 @@
#!/usr/bin/env nix-shell
#!nix-shell -p go-containerregistry.crane -p jq -i bash
set -euo pipefail
repo="index.docker.io/octobus/heptapod"
path="nix.docker.heptapod"
depot="$(pwd | grep -o '.*/depot')"
latest_digest="$(crane digest "$repo:latest")"
current_digest="$(jq -r .imageDigest image.json)"
if [[ "$latest_digest" == "$current_digest" ]]; then
echo already up to date
exit 0
fi
crane ls "$repo" | grep -E '^([0-9]+\.)+[0-9]+$' | sort -rV | while read -r tag; do
tag_digest="$(crane digest "$repo:$tag")"
if [[ "$tag_digest" == "$latest_digest" ]]; then
echo "$tag $tag_digest"
mv image.json image.orig.json
jq ".finalImageTag = \"$tag\" | .imageDigest = \"$tag_digest\" | .sha256 = \"sha256:0000000000000000000000000000000000000000000000000000\"" image.orig.json > image.json
nix-build "$depot" --no-out-link -A "$path.meta.origImage" 2>"image.fetchlog" >/dev/null || true
new_hash=$(sed '1,/hash mismatch in fixed-output derivation/d' "image.fetchlog" | grep --perl-regexp --only-matching 'got: +.+[:-]\K.+' | head -n +1)
if [[ -z "$new_hash" ]]; then
echo "Couldn't figure out new hash"
exit 1
fi
jq ".finalImageTag = \"$tag\" | .imageDigest = \"$tag_digest\" | .sha256 = \"$new_hash\"" image.orig.json > image.json
rm image.fetchlog image.orig.json
break
fi
done
exit $?