161 lines
4.1 KiB
Nix
161 lines
4.1 KiB
Nix
{
|
|
stdenvNoCC,
|
|
lib,
|
|
fetchurl,
|
|
writeScript,
|
|
nix,
|
|
runtimeShell,
|
|
curl,
|
|
cacert,
|
|
jq,
|
|
yq,
|
|
gnupg,
|
|
|
|
releaseManifestFile,
|
|
releaseInfoFile,
|
|
bootstrapSdkFile,
|
|
allowPrerelease,
|
|
}:
|
|
|
|
let
|
|
inherit (lib.importJSON releaseManifestFile) channel release;
|
|
|
|
pkg = stdenvNoCC.mkDerivation {
|
|
name = "update-dotnet-vmr-env";
|
|
|
|
nativeBuildInputs = [
|
|
nix
|
|
curl
|
|
cacert
|
|
jq
|
|
yq
|
|
gnupg
|
|
];
|
|
};
|
|
|
|
releaseKey = fetchurl {
|
|
url = "https://dotnet.microsoft.com/download/dotnet/release-key-2023.asc";
|
|
hash = "sha256-F668QB55md0GQvoG0jeA66Fb2RbrsRhFTzTbXIX3GUo=";
|
|
};
|
|
|
|
drv = builtins.unsafeDiscardOutputDependency pkg.drvPath;
|
|
|
|
in
|
|
writeScript "update-dotnet-vmr.sh" ''
|
|
#! ${nix}/bin/nix-shell
|
|
#! nix-shell -i ${runtimeShell} --pure ${drv} --keep UPDATE_NIX_ATTR_PATH
|
|
set -euo pipefail
|
|
|
|
tag=''${1-}
|
|
|
|
if [[ -n $tag ]]; then
|
|
query=$(cat <<EOF
|
|
map(
|
|
select(
|
|
(.tag_name == "$tag"))) |
|
|
first
|
|
EOF
|
|
)
|
|
else
|
|
query=$(cat <<EOF
|
|
map(
|
|
select(
|
|
${lib.optionalString (!allowPrerelease) ".prerelease == false and"}
|
|
.draft == false and
|
|
(.tag_name | startswith("v${channel}")))) |
|
|
first
|
|
EOF
|
|
)
|
|
fi
|
|
|
|
query="$query "$(cat <<EOF
|
|
| (
|
|
.tag_name,
|
|
(.assets |
|
|
.[] |
|
|
select(.name == "release.json") |
|
|
.browser_download_url),
|
|
(.assets |
|
|
.[] |
|
|
select(.name | endswith(".tar.gz.sig")) |
|
|
.browser_download_url))
|
|
EOF
|
|
)
|
|
|
|
(
|
|
curl -fsSL https://api.github.com/repos/dotnet/dotnet/releases | \
|
|
jq -r "$query" \
|
|
) | (
|
|
read tagName
|
|
read releaseUrl
|
|
read sigUrl
|
|
|
|
tmp="$(mktemp -d)"
|
|
trap 'rm -rf "$tmp"' EXIT
|
|
|
|
echo ${lib.escapeShellArg (toString ./update.sh)} \
|
|
-o ${lib.escapeShellArg (toString bootstrapSdkFile)} --sdk foo
|
|
|
|
cd "$tmp"
|
|
|
|
curl -fsSL "$releaseUrl" -o release.json
|
|
release=$(jq -r .release release.json)
|
|
|
|
if [[ -z $tag && "$release" == "${release}" ]]; then
|
|
>&2 echo "release is already $release"
|
|
exit
|
|
fi
|
|
|
|
tarballUrl=https://github.com/dotnet/dotnet/archive/refs/tags/$tagName.tar.gz
|
|
|
|
mapfile -t prefetch < <(nix-prefetch-url --print-path "$tarballUrl")
|
|
tarballHash=$(nix-hash --to-sri --type sha256 "''${prefetch[0]}")
|
|
tarball=''${prefetch[1]}
|
|
|
|
curl -fssL "$sigUrl" -o release.sig
|
|
|
|
(
|
|
export GNUPGHOME=$PWD/.gnupg
|
|
trap 'gpgconf --kill all' EXIT
|
|
gpg --batch --import ${releaseKey}
|
|
gpg --batch --verify release.sig "$tarball"
|
|
)
|
|
|
|
tar --strip-components=1 --no-wildcards-match-slash --wildcards -xzf "$tarball" \*/eng/Versions.props \*/global.json
|
|
artifactsVersion=$(xq -r '.Project.PropertyGroup |
|
|
map(select(.PrivateSourceBuiltArtifactsVersion))
|
|
| .[] | .PrivateSourceBuiltArtifactsVersion' eng/Versions.props)
|
|
|
|
if [[ "$artifactsVersion" != "" ]]; then
|
|
artifactsUrl=https://dotnetcli.azureedge.net/source-built-artifacts/assets/Private.SourceBuilt.Artifacts.$artifactsVersion.centos.9-x64.tar.gz
|
|
else
|
|
artifactsUrl=$(xq -r '.Project.PropertyGroup |
|
|
map(select(.PrivateSourceBuiltArtifactsUrl))
|
|
| .[] | .PrivateSourceBuiltArtifactsUrl' eng/Versions.props)
|
|
fi
|
|
|
|
artifactsHash=$(nix-hash --to-sri --type sha256 "$(nix-prefetch-url "$artifactsUrl")")
|
|
|
|
sdkVersion=$(jq -r .tools.dotnet global.json)
|
|
|
|
jq --null-input \
|
|
--arg _0 "$tarballHash" \
|
|
--arg _1 "$artifactsUrl" \
|
|
--arg _2 "$artifactsHash" \
|
|
'{
|
|
"tarballHash": $_0,
|
|
"artifactsUrl": $_1,
|
|
"artifactsHash": $_2,
|
|
}' > "${toString releaseInfoFile}"
|
|
|
|
cp release.json "${toString releaseManifestFile}"
|
|
|
|
cd -
|
|
|
|
# needs to be run in nixpkgs
|
|
${lib.escapeShellArg (toString ./update.sh)} \
|
|
-o ${lib.escapeShellArg (toString bootstrapSdkFile)} --sdk "$sdkVersion"
|
|
|
|
$(nix-build -A $UPDATE_NIX_ATTR_PATH.fetch-deps --no-out-link)
|
|
)
|
|
''
|