nix/docker/heptapod: add update script for image
This commit is contained in:
parent
e1ede118d1
commit
675b65b5da
3 changed files with 47 additions and 8 deletions
|
@ -4,13 +4,7 @@
|
||||||
|
|
||||||
{ pkgs, ... }:
|
{ pkgs, ... }:
|
||||||
let
|
let
|
||||||
origImageArgs = {
|
origImageArgs = builtins.fromJSON (builtins.readFile ./image.json);
|
||||||
imageName = "octobus/heptapod";
|
|
||||||
imageDigest = "sha256:af6a7f47a15410c521a0d620377b98fa6f5715d6f091ea39d7e332146d20786c";
|
|
||||||
sha256 = "sha256:1gdi9q02g2a5y2vmpxray4l8rq3yapqpdbg0fg7xxk9f99ysng7j";
|
|
||||||
finalImageName = "octobus/heptapod";
|
|
||||||
finalImageTag = "0.30.1";
|
|
||||||
};
|
|
||||||
origImage = pkgs.dockerTools.pullImage origImageArgs;
|
origImage = pkgs.dockerTools.pullImage origImageArgs;
|
||||||
|
|
||||||
name = origImageArgs.imageName;
|
name = origImageArgs.imageName;
|
||||||
|
@ -45,5 +39,5 @@ in pkgs.dockerTools.buildImage rec {
|
||||||
'';
|
'';
|
||||||
config.Cmd = ["/assets/wrapper_wrapper"];
|
config.Cmd = ["/assets/wrapper_wrapper"];
|
||||||
} // {
|
} // {
|
||||||
meta = { inherit name tag; };
|
meta = { inherit name tag origImage; };
|
||||||
}
|
}
|
||||||
|
|
7
nix/docker/heptapod/image.json
Normal file
7
nix/docker/heptapod/image.json
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
{
|
||||||
|
"imageName": "octobus/heptapod",
|
||||||
|
"imageDigest": "sha256:af6a7f47a15410c521a0d620377b98fa6f5715d6f091ea39d7e332146d20786c",
|
||||||
|
"sha256": "1gdi9q02g2a5y2vmpxray4l8rq3yapqpdbg0fg7xxk9f99ysng7j",
|
||||||
|
"finalImageName": "octobus/heptapod",
|
||||||
|
"finalImageTag": "0.30.1"
|
||||||
|
}
|
38
nix/docker/heptapod/update.sh
Executable file
38
nix/docker/heptapod/update.sh
Executable file
|
@ -0,0 +1,38 @@
|
||||||
|
#!/usr/bin/env nix-shell
|
||||||
|
#!nix-shell -p go-containerregistry.crane -p jq -i bash
|
||||||
|
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
repo="index.docker.io/octobus/heptapod"
|
||||||
|
path="nix.docker.heptapod"
|
||||||
|
depot="$(pwd | grep -o '.*/depot')"
|
||||||
|
|
||||||
|
latest_digest="$(crane digest "$repo:latest")"
|
||||||
|
current_digest="$(jq -r .imageDigest image.json)"
|
||||||
|
|
||||||
|
if [[ "$latest_digest" == "$current_digest" ]]; then
|
||||||
|
echo already up to date
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
crane ls "$repo" | grep -E '^([0-9]+\.)+[0-9]+$' | sort -rV | while read -r tag; do
|
||||||
|
tag_digest="$(crane digest "$repo:$tag")"
|
||||||
|
if [[ "$tag_digest" == "$latest_digest" ]]; then
|
||||||
|
echo "$tag $tag_digest"
|
||||||
|
|
||||||
|
mv image.json image.orig.json
|
||||||
|
jq ".finalImageTag = \"$tag\" | .imageDigest = \"$tag_digest\" | .sha256 = \"sha256:0000000000000000000000000000000000000000000000000000\"" image.orig.json > image.json
|
||||||
|
|
||||||
|
nix-build "$depot" --no-out-link -A "$path.meta.origImage" 2>"image.fetchlog" >/dev/null || true
|
||||||
|
new_hash=$(sed '1,/hash mismatch in fixed-output derivation/d' "image.fetchlog" | grep --perl-regexp --only-matching 'got: +.+[:-]\K.+' | head -n +1)
|
||||||
|
if [[ -z "$new_hash" ]]; then
|
||||||
|
echo "Couldn't figure out new hash"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
jq ".finalImageTag = \"$tag\" | .imageDigest = \"$tag_digest\" | .sha256 = \"$new_hash\"" image.orig.json > image.json
|
||||||
|
rm image.fetchlog image.orig.json
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
exit $?
|
Loading…
Reference in a new issue