From f7a8e1c6c95f70d261c4f2b003876bbbd2e54c29 Mon Sep 17 00:00:00 2001
From: Luke Granger-Brown
Date: Sun, 7 Jan 2024 17:57:27 +0000
Subject: [PATCH] switch-prebuilt: make latest slightly... better

---
 ops/nixos/lib/switch-prebuilt.nix | 74 ++++++++++++++++++++-----------
 1 file changed, 48 insertions(+), 26 deletions(-)

diff --git a/ops/nixos/lib/switch-prebuilt.nix b/ops/nixos/lib/switch-prebuilt.nix
index d9379f0e75..d20ec18f65 100644
--- a/ops/nixos/lib/switch-prebuilt.nix
+++ b/ops/nixos/lib/switch-prebuilt.nix
@@ -1,38 +1,60 @@
-# SPDX-FileCopyrightText: 2020 Luke Granger-Brown
+# SPDX-FileCopyrightText: 2024 Luke Granger-Brown
 #
 # SPDX-License-Identifier: Apache-2.0
 
 { depot, system, pkgs, ... }:
 
-pkgs.writeShellScriptBin "switch-prebuilt" ''
-  set -ue
+pkgs.writeShellApplication {
+  name = "switch-prebuilt";
 
-  export AWS_ACCESS_KEY_ID="$(${pkgs.vault}/bin/vault kv get --address=unix:///run/tokend/sock -field=cacheAccessKeyID kv/apps/nix-daemon)"
-  export AWS_SECRET_ACCESS_KEY="$(${pkgs.vault}/bin/vault kv get --address=unix:///run/tokend/sock -field=cacheSecretAccessKey kv/apps/nix-daemon)"
-  system="''${1}"
+  runtimeInputs = with pkgs; [ curl unzip jq ];
 
-  if [[ "$system" == "latest" ]]; then
-    tmpdir="$(mktemp -d)"
-    trap '{ rm -rf -- "$tmpdir"; }' EXIT
+  text = ''
+    set -ue
+    system="''${1}"
 
-    ${pkgs.curl}/bin/curl -so "$tmpdir/archive.zip" 'https://hg.lukegb.com/api/v4/projects/lukegb%2Fdepot/jobs/artifacts/branch%2Fdefault/download?job=nixCache-${system}'
-    ${pkgs.unzip}/bin/unzip -d "$tmpdir" -q -o "$tmpdir/archive.zip"
-    system="$(${pkgs.jq}/bin/jq -r ".\"$(hostname)\"" "$tmpdir/systems.json")"
+    if [[ "$system" == "latest" ]]; then
+      tmpdir="$(mktemp -d)"
+      trap '{ rm -rf -- "$tmpdir"; }' EXIT
 
-    echo "Switching to system ''$system"
-  fi
+      COMMIT_DATA="$(curl -s 'https://hg.lukegb.com/api/v4/projects/lukegb%2Fdepot/repository/commits/branch%2Fdefault')"
+      echo "Commit: $(echo "$COMMIT_DATA" | jq -r '.id') $(echo "$COMMIT_DATA" | jq -r '.title')"
+      if [[ "$(echo "$COMMIT_DATA" | jq -r '.last_pipeline.id')" == null ]]; then
+        echo "...but there's no CI pipeline for it"
+        exit 1
+      fi
 
-  if [[ ! -e "$system" ]]; then
-    # We should be a trusted-user.
-    nix build -v "$system"
-  fi
+      PARENT_PIPELINE_BRIDGES="$(curl -s "https://hg.lukegb.com/api/v4/projects/lukegb%2Fdepot/pipelines/$(echo "$COMMIT_DATA" | jq -r '.last_pipeline.id')/bridges")"
+      if [[ "$(echo "$PARENT_PIPELINE_BRIDGES" | jq -r '. | length')" == 0 ]]; then
+        echo "...but there's no downstream pipeline for it"
+        exit 1
+      fi
+      CHILD_PIPELINE_ID="$(echo "$PARENT_PIPELINE_BRIDGES" | jq -r '.[].downstream_pipeline.id')"
+      CHILD_PIPELINE_JOBS="$(curl -s "https://hg.lukegb.com/api/v4/projects/lukegb%2Fdepot/pipelines/$CHILD_PIPELINE_ID/jobs?per_page=100")"
+      CACHE_JOB_ID="$(echo "$CHILD_PIPELINE_JOBS" | jq -r '.[] | select(.name == "nixCache-linux") | .id')"
+      if [[ "$CACHE_JOB_ID" == "" ]]; then
+        echo "...but there's no data for the cache job"
+        exit 1
+      fi
 
-  diff "$system/etc/hostname" "/etc/hostname"
+      curl -so "$tmpdir/systems.json" "https://hg.lukegb.com/api/v4/projects/lukegb%2Fdepot/jobs/$CACHE_JOB_ID/artifacts/systems.json"
+      system="$(jq -r ".\"$(hostname)\"" "$tmpdir/systems.json")"
 
-  # The next phase requires sudo, but it's harmless to run the preceding commands twice.
-  if [[ $EUID -ne 0 ]]; then
-    exec sudo "$0" "$system"
-  fi
+      echo "Switching to system ''$system"
+    fi
 
-  nix-env -p /nix/var/nix/profiles/system --set "$system"
-  "$system/bin/switch-to-configuration" switch
-''
+    if [[ ! -e "$system" ]]; then
+      # We should be a trusted-user.
+      nix build -v "$system"
+    fi
+
+    diff "$system/etc/hostname" "/etc/hostname"
+
+    # The next phase requires sudo, but it's harmless to run the preceding commands twice.
+    if [[ $EUID -ne 0 ]]; then
+      exec sudo "$0" "$system"
+    fi
+
+    nix-env -p /nix/var/nix/profiles/system --set "$system"
+    "$system/bin/switch-to-configuration" switch
+  '';
+}
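Review bot: None of the four `curl -s` calls in the new `latest` branch pass `--fail`, so an HTTP error from the API is captured as a JSON error body and handed to jq; for the `systems.json` download in particular, `$system` then silently becomes `null` and flows unchanged into `nix build`, the sudo re-exec and `nix-env --set`, with `diff "$system/etc/hostname"` as the only guard before the privileged steps. Use `curl -sSf` everywhere so a failed request aborts under errexit, and check the value that came out of the artifact before escalating, e.g. `[[ "$system" == /nix/store/* ]] || { echo "no system for $(hostname) in systems.json" >&2; exit 1; }`. The selectors `.[].downstream_pipeline.id` and `select(.name == "nixCache-linux") | .id` can also emit several lines when a pipeline has more than one bridge or a retried job, and the `length == 0` / `== ""` checks only cover the empty case, so pick one element explicitly. Passing the hostname via `jq --arg` avoids assembling the filter by string interpolation, and `set -ue` appears redundant here since writeShellApplication already enables errexit, nounset and pipefail for `text`.
```nix
      # … unchanged: tmpdir/trap setup …
      COMMIT_DATA="$(curl -sSf 'https://hg.lukegb.com/api/v4/projects/lukegb%2Fdepot/repository/commits/branch%2Fdefault')"
      # … unchanged: commit echo and last_pipeline.id check …
      PARENT_PIPELINE_BRIDGES="$(curl -sSf "https://hg.lukegb.com/api/v4/projects/lukegb%2Fdepot/pipelines/$(echo "$COMMIT_DATA" | jq -r '.last_pipeline.id')/bridges")"
      # … unchanged: empty-bridges check …
      CHILD_PIPELINE_ID="$(echo "$PARENT_PIPELINE_BRIDGES" | jq -r '.[0].downstream_pipeline.id')"
      CHILD_PIPELINE_JOBS="$(curl -sSf "https://hg.lukegb.com/api/v4/projects/lukegb%2Fdepot/pipelines/$CHILD_PIPELINE_ID/jobs?per_page=100")"
      CACHE_JOB_ID="$(echo "$CHILD_PIPELINE_JOBS" | jq -r 'first(.[] | select(.name == "nixCache-linux") | .id)')"
      # … unchanged: empty-job check …
      curl -sSfo "$tmpdir/systems.json" "https://hg.lukegb.com/api/v4/projects/lukegb%2Fdepot/jobs/$CACHE_JOB_ID/artifacts/systems.json"
      system="$(jq -r --arg h "$(hostname)" '.[$h] // empty' "$tmpdir/systems.json")"
      [[ "$system" == /nix/store/* ]] || { echo "no system for $(hostname) in systems.json" >&2; exit 1; }
```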