build: move update scripts to passthru, use files to put hashes

exaring · May 19, 2023 · a6139b4 · a6139b4
1 parent d283317
commit a6139b4
Show file tree

Hide file tree

Showing 6 changed files with 32 additions and 28 deletions.
diff --git a/.github/workflows/update-flake.yml b/.github/workflows/update-flake.yml
@@ -25,5 +25,5 @@ jobs:
         run: |
           git config --local user.name "github-actions[bot]"
           git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
-          git add flake.nix flake.lock
+          git add flake.lock nix
           ! git commit -m "build: update flake.nix" || git push
diff --git a/.gitignore b/.gitignore
@@ -10,3 +10,4 @@ mock_*.go
 *~
 /.go-cache
 /.npm-cache
+/result
diff --git a/Makefile b/Makefile
@@ -68,10 +68,6 @@ $(BIN)/pigeon: PACKAGE=github.com/mna/[email protected]
 WWHRD = $(BIN)/wwhrd
 $(BIN)/wwhrd: PACKAGE=github.com/frapposelli/wwhrd@latest
 
-.PHONY: nix-update
-nix-update: ; $(info $(M) update Nix hashes…) @ ## Update nix hashes
-	$Q nix run ".#update"
-
 # Generated files
 
 .DELETE_ON_ERROR:

diff --git a/flake.nix b/flake.nix
@@ -18,7 +18,7 @@
         frontend = pkgs.buildNpmPackage.override { inherit nodejs; } {
           name = "akvorado-frontend";
           src = ./console/frontend;
-          npmDepsHash = "sha256-xs2WHPrQFPtcjYEpB2Fb/gegP6Mf9ZD0VK/DcPg1zS8=";
+          npmDepsHash = builtins.readFile nix/npmDepsHash.txt;
           installPhase = ''
             mkdir $out
             cp -r node_modules $out/node_modules
@@ -29,7 +29,7 @@
           doCheck = false;
           name = "akvorado";
           src = ./.;
-          vendorHash = "sha256-cxL3WuvSKpsutVS3k5kduEDdAvk1ZM2XVU6YjcT+OTk=";
+          vendorHash = builtins.readFile nix/vendorHash.txt;
           buildPhase = ''
             cp ${asn2org}/asns.csv orchestrator/clickhouse/data/asns.csv
             cp -r ${frontend}/node_modules console/frontend/node_modules
@@ -46,7 +46,7 @@
           '';
           # We do not use a wrapper to set SSL_CERT_FILE because, either a
           # binary or a shell wrapper, it would pull the libc (~30M).
-          installPhase= ''
+          installPhase = ''
             mkdir -p $out/bin $out/share/ca-certificates
             cp bin/akvorado $out/bin/.
             cp ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt $out/share/ca-certificates/.
@@ -55,26 +55,31 @@
       in
       rec {
         apps = {
-          update = let
-            script = pkgs.writeShellScriptBin "nix-update-akvorado" ''
-              # go
-              sha256=$(2>&1 nix build --no-link .#backend.go-modules \
-                          | ${pkgs.gnused}/bin/sed -nE "s/\s+got:\s+(sha256-.*)/\1/p")
-              [[ -z "$sha256" ]] || \
-                 ${pkgs.gnused}/bin/sed -Ei "s,^(\s+[v]endorHash =).*,\1 \"''${sha256}\";," flake.nix
-
-              # npm
-              sha256=$(2>&1 nix build --no-link .#frontend.npmDeps \
-                          | ${pkgs.gnused}/bin/sed -nE "s/\s+got:\s+(sha256-.*)/\1/p")
-              [[ -z "$sha256" ]] || \
-                 ${pkgs.gnused}/bin/sed -Ei "s,^(\s+[n]pmDepsHash =).*,\1 \"''${sha256}\";," flake.nix
-
-              # asn2org
-              nix flake lock --update-input asn2org
-            '';
-            in {
-              type = "app";
-              program = "${script}/bin/nix-update-akvorado";
+          passthru = pkgs.lib.attrsets.mapAttrs
+            (name: value:
+              let
+                script = pkgs.writeShellScriptBin name value;
+              in
+              {
+                type = "app";
+                program = "${script}/bin/${name}";
+              })
+            rec {
+              update-vendorHash = ''
+                sha256=$(2>&1 nix build --no-link .#backend.go-modules \
+                            | ${pkgs.gnused}/bin/sed -nE "s/\s+got:\s+(sha256-.*)/\1/p")
+                [[ -z "$sha256" ]] || echo $sha256 > nix/vendorHash.txt
+              '';
+              update-npmDepsHash = ''
+                sha256=$(2>&1 nix build --no-link .#frontend.npmDeps \
+                            | ${pkgs.gnused}/bin/sed -nE "s/\s+got:\s+(sha256-.*)/\1/p")
+                [[ -z "$sha256" ]] || echo $sha256 > nix/npmDepsHash.txt
+              '';
+              update = ''
+                ${update-vendorHash}
+                ${update-npmDepsHash}
+                nix flake lock --update-input asn2org
+              '';
             };
         };
 

diff --git a/nix/npmDepsHash.txt b/nix/npmDepsHash.txt
@@ -0,0 +1 @@
+sha256-xs2WHPrQFPtcjYEpB2Fb/gegP6Mf9ZD0VK/DcPg1zS8=
diff --git a/nix/vendorHash.txt b/nix/vendorHash.txt
@@ -0,0 +1 @@
+sha256-0IO+mWdMTTPKgn1sisiRjT6uKXtxYOta8Uk9csi1604=
-Original file line number
+Diff line change
@@ Expand Up / @@ -10,3 +10,4 @@ mock_*.go @@
     *~
     /.go-cache
     /.npm-cache
+    /result
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		sha256-xs2WHPrQFPtcjYEpB2Fb/gegP6Mf9ZD0VK/DcPg1zS8=
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		sha256-0IO+mWdMTTPKgn1sisiRjT6uKXtxYOta8Uk9csi1604=