From 3c851dbbeacf2c5dd694ece5e8e201d54255eb2f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Sat, 15 Jul 2023 08:20:21 +0200
Subject: [PATCH] add scripts to update vendorHash
---
.github/workflows/dependabot.yml | 28 ++++++++++++++++++++++++++++
scripts/update-vendor-hash.sh | 17 +++++++++++++++++
2 files changed, 45 insertions(+)
create mode 100644 .github/workflows/dependabot.yml
create mode 100755 scripts/update-vendor-hash.sh
diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml
new file mode 100644
index 0000000..d50182a
--- /dev/null
+++ b/.github/workflows/dependabot.yml
@@ -0,0 +1,28 @@
+name: Update vendorSha256
+on: pull_request
+
+permissions:
+ contents: write
+
+jobs:
+ dependabot:
+ runs-on: ubuntu-latest
+ if: ${{ github.actor == 'dependabot[bot]' }}
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ - name: Install Nix
+ uses: cachix/install-nix-action@v22
+ with:
+ github_access_token: ${{ secrets.GITHUB_TOKEN }}
+ nix_path: nixpkgs=channel:nixos-unstable
+ - name: Update checksum
+ run: |
+ ./scripts/update-vendor-hash.sh
+ # git push if we have a diff
+ if [[ -n $(git diff) ]]; then
+ git add default.nix
+ git commit -m "update vendorHash"
+ git push
+ fi
diff --git a/scripts/update-vendor-hash.sh b/scripts/update-vendor-hash.sh
new file mode 100755
index 0000000..e5369b9
--- /dev/null
+++ b/scripts/update-vendor-hash.sh
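Review bot: The `dependabot` job in `.github/workflows/dependabot.yml` holds a `contents: write` token and pushes commits, yet its only gate is `github.actor == 'dependabot[bot]'`, and both actions are referenced by mutable tags (`actions/checkout@v3`, `cachix/install-nix-action@v22`). `github.actor` names whoever triggered the run rather than who opened the pull request, so also requiring `github.event.pull_request.user.login == 'dependabot[bot]'` is the tighter check, and pinning each `uses:` to a full commit SHA (`uses: actions/checkout@<commit-sha> # v3`, placeholder to be filled in) keeps a retagged action from running with the write token. Separately, checkout on `pull_request` leaves a detached merge commit by default, so the `git push` here probably has no branch to update; adding `ref: ${{ github.head_ref }}` under the checkout step's `with:` would address that. The commit-and-push lines in the `run:` block repeat the ones at the end of `scripts/update-vendor-hash.sh`, so one of the two copies can be dropped.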
@@ -0,0 +1,17 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p nix -p coreutils -p gnused -p gawk
+
+set -exuo pipefail
+
+failedbuild=$(nix build --impure --expr '(with import {}; pkgs.callPackage ./. { vendorHash = ""; }).sops-install-secrets' 2>&1 || true)
+echo "$failedbuild"
+checksum=$(echo "$failedbuild" | awk '/got:.*sha256/ { print $2 }')
+sed -i -e "s|vendorHash ? \".*\"|vendorHash ? \"$checksum\"|" default.nix
+
+# git push if we have a diff
+if [[ -n $(git diff) ]]; then
+ git add default.nix
+ git commit -m "sops-install-secrets: update checksum to $checksum"
+ git push
+fi
+
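Review bot: `checksum` is written into `default.nix` and pushed without any check that the awk match produced exactly one hash. Because `|| true` discards the build's exit status, a build that fails for an unrelated reason (or unexpectedly succeeds) leaves `checksum` empty, and the `sed -i` line then commits `vendorHash ? ""`. The value is also spliced unescaped into the sed expression and the commit message, so validate it before the `sed -i`, assuming the SRI form that the `got:` line prints: `[[ $checksum =~ ^sha256-[A-Za-z0-9+/]+=*$ ]] || { echo "no vendorHash found in build output" >&2; exit 1; }`. The commit-and-push block at the end repeats what `.github/workflows/dependabot.yml` does after calling this script; keeping it only in the workflow avoids an unintended push when the script is run from a developer checkout.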