maint/update_nixpkgs: init
This commit is contained in:
parent
e0969055f6
commit
7f99b80dbe
6 changed files with 149 additions and 1 deletions
|
@ -9,6 +9,7 @@ let
|
|||
images = {
|
||||
"registry.apps.k8s.lukegb.tech/twitterchiver/archiver:latest" = depot.go.twitterchiver.archiver.dockerImage;
|
||||
"registry.apps.k8s.lukegb.tech/lukegb-openshiftauth-test/example:latest" = depot.go.openshiftauth.example.dockerImage;
|
||||
"registry.apps.k8s.lukegb.tech/depotcron/update_nixpkgs:latest" = depot.ops.maint.update_nixpkgs;
|
||||
};
|
||||
|
||||
crane = "${depot.nix.pkgs.crane}/bin/crane";
|
||||
|
|
|
@ -4,5 +4,6 @@
|
|||
|
||||
args: {
|
||||
nixos = import ./nixos args;
|
||||
maint = import ./maint args;
|
||||
secrets = import ./secrets args;
|
||||
}
|
7
ops/maint/default.nix
Normal file
7
ops/maint/default.nix
Normal file
|
@ -0,0 +1,7 @@
|
|||
# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
args: {
|
||||
update_nixpkgs = import ./update_nixpkgs args;
|
||||
}
|
61
ops/maint/update_nixpkgs/default.nix
Normal file
61
ops/maint/update_nixpkgs/default.nix
Normal file
|
@ -0,0 +1,61 @@
|
|||
{ depot, lib, ... }:
|
||||
let
|
||||
inherit (depot) pkgs;
|
||||
mercurial = (pkgs.mercurial.overridePythonAttrs (origAttrs: {
|
||||
propagatedBuildInputs = origAttrs.propagatedBuildInputs ++ [pkgs.python3Packages.hg-evolve];
|
||||
}));
|
||||
updateNixpkgs = pkgs.runCommandNoCC "update_nixpkgs" {
|
||||
buildInputs = with pkgs; [ makeWrapper ];
|
||||
} ''
|
||||
mkdir -p $out/bin
|
||||
cp ${./update_nixpkgs.sh} $out/bin/update_nixpkgs
|
||||
chmod +x $out/bin/update_nixpkgs
|
||||
patchShebangs --host $out/bin
|
||||
wrapProgram $out/bin/update_nixpkgs \
|
||||
--prefix PATH : ${pkgs.lib.makeBinPath (with pkgs; [ bashInteractive mercurial openssh coreutils copybara git gnused ])}
|
||||
'';
|
||||
in
|
||||
pkgs.dockerTools.buildImage {
|
||||
name = "update_nixpkgs";
|
||||
config = {
|
||||
Cmd = [ "${updateNixpkgs}/bin/update_nixpkgs" ];
|
||||
Env = [
|
||||
"SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
|
||||
"USER=root"
|
||||
];
|
||||
};
|
||||
|
||||
contents = [
|
||||
pkgs.cacert updateNixpkgs
|
||||
(pkgs.runCommandNoCC "update_nixpkgs_content" {} ''
|
||||
mkdir $out $out/root $out/root/.ssh $out/etc $out/tmp
|
||||
chmod 700 $out/root $out/root/.ssh
|
||||
chmod 1777 $out/tmp
|
||||
|
||||
cat <<EOF >$out/etc/passwd
|
||||
root:x:0:0:System administrator:/root:/run/current-system/sw/bin/bash
|
||||
EOF
|
||||
|
||||
cat <<EOF >$out/root/.ssh/config
|
||||
Host hg
|
||||
Hostname hg.lukegb.com
|
||||
User hg
|
||||
StrictHostKeyChecking no
|
||||
IdentityFile /secrets/ssh_id
|
||||
EOF
|
||||
|
||||
cat <<EOF >$out/root/.hgrc
|
||||
[extensions]
|
||||
histedit =
|
||||
rebase =
|
||||
strip =
|
||||
remotenames =
|
||||
amend =
|
||||
evolve =
|
||||
topic =
|
||||
purge =
|
||||
share =
|
||||
EOF
|
||||
'')
|
||||
];
|
||||
}
|
1
ops/maint/update_nixpkgs/localtest.sh
Executable file
1
ops/maint/update_nixpkgs/localtest.sh
Executable file
|
@ -0,0 +1 @@
|
|||
cat $(nix-build --option builders '' -A ops.maint.update_nixpkgs $HOME/depot) | podman load update_nixpkgs && podman run -it --rm -v $(readlink -f $HOME/update_nixpkgs_tmp/secrets):/secrets -v $(readlink -f $HOME/update_nixpkgs_tmp/depot):/depot update_nixpkgs 2>&1 | tee $HOME/update_nixpkgs_tmp/log.log
|
77
ops/maint/update_nixpkgs/update_nixpkgs.sh
Executable file
77
ops/maint/update_nixpkgs/update_nixpkgs.sh
Executable file
|
@ -0,0 +1,77 @@
|
|||
#!/bin/env bash
|
||||
|
||||
function die() { echo "$*" >&2; exit 1; }
|
||||
|
||||
function check_preconditions() {
|
||||
test -d /secrets || die "no /secrets directory"
|
||||
test -d /depot || die "no /depot directory"
|
||||
}
|
||||
|
||||
function clone_depot() {
|
||||
echo Cloning depot to /depot/depot >&2
|
||||
hg clone ssh://hg/lukegb/depot /depot/depot
|
||||
cd /depot/depot
|
||||
}
|
||||
|
||||
function update_depot() {
|
||||
echo Updating depot checkout in /depot/depot >&2
|
||||
cd /depot/depot
|
||||
hg revert -a
|
||||
hg pull
|
||||
hg update -r default -C
|
||||
hg purge --all
|
||||
hg strip --no-backup 'roots(outgoing())' || true
|
||||
}
|
||||
|
||||
function make_depot_fresh() {
|
||||
if test -d /depot/depot; then
|
||||
update_depot
|
||||
else
|
||||
clone_depot
|
||||
fi
|
||||
}
|
||||
|
||||
function clone_nixpkgs() {
|
||||
echo Cloning nixpkgs to /depot/nixpkgs >&2
|
||||
git clone --bare https://github.com/NixOS/nixpkgs.git /depot/nixpkgs
|
||||
}
|
||||
|
||||
function update_nixpkgs() {
|
||||
echo Updating nixpkgs checkout in /depot/nixpkgs >&2
|
||||
pushd /depot/nixpkgs
|
||||
git fetch origin nixos-unstable
|
||||
git branch -f master FETCH_HEAD
|
||||
popd
|
||||
}
|
||||
|
||||
function make_nixpkgs_fresh() {
|
||||
if test -d /depot/nixpkgs; then
|
||||
update_nixpkgs
|
||||
else
|
||||
clone_nixpkgs
|
||||
fi
|
||||
}
|
||||
|
||||
function main() {
|
||||
set -euxo pipefail
|
||||
check_preconditions
|
||||
make_depot_fresh
|
||||
make_nixpkgs_fresh
|
||||
|
||||
# Pre-seed the copybara cache directory, so it doesn't try to do the clone itself.
|
||||
mkdir -p $HOME/copybara/cache/{git_repos,hg_repos}
|
||||
hg clone --noupdate /depot/depot $HOME/copybara/cache/hg_repos/file%3A%2F%2F%2Fdepot%2Fdepot
|
||||
git clone --mirror /depot/nixpkgs $HOME/copybara/cache/git_repos/https%3A%2F%2Fgithub%2Ecom%2FNixOS%2Fnixpkgs%2Egit
|
||||
|
||||
sed -i 's,file:///home/lukegb/depot,file:///depot/depot,g' ./third_party/nixpkgs/copy.bara.sky
|
||||
copybara migrate --verbose ./third_party/nixpkgs/copy.bara.sky || exit 0
|
||||
|
||||
# Reset to a clean state.
|
||||
hg update -r default -C
|
||||
hg purge --all
|
||||
|
||||
# And push, if it that worked.
|
||||
hg push -r .
|
||||
}
|
||||
|
||||
main
|
Loading…
Reference in a new issue