flake.nix: Add update script

This commit is contained in:
Tristan Daniël Maat 2023-01-19 07:59:58 +00:00
parent 5c537df885
commit d142e98788
Signed by: tlater
GPG key ID: 49670FD774E43268
3 changed files with 86 additions and 8 deletions

View file

@ -27,14 +27,27 @@
templates = flakeOutputs.packages.${system}.tlaternet;
};
apps.${system}.default = let
inherit (self.packages.${system}) server templates;
inherit (nixpkgs.legacyPackages.${system}) writeShellScript;
in {
type = "app";
program = builtins.toString (writeShellScript "tlaternet-webserver" ''
${server}/bin/tlaternet-webserver --template-directory ${templates}
'');
apps.${system} = {
default = let
inherit (self.packages.${system}) server templates;
inherit (nixpkgs.legacyPackages.${system}) writeShellScript;
in {
type = "app";
program = builtins.toString (writeShellScript "tlaternet-webserver" ''
${server}/bin/tlaternet-webserver --template-directory ${templates}
'');
};
update = let
update-script = nixpkgs.legacyPackages.${system}.callPackage ./nix/update.nix {
cargo = flakeOutputs.rust-toolchain.cargo;
npm = nixpkgs.legacyPackages.${system}.nodePackages_latest.npm;
npm-check-updates = self.packages.${system}.templates.dependencies.npm-check-updates;
};
in {
type = "app";
program = "${update-script}/bin/update";
};
};
nixosModules.default = import ./nix/module.nix {inherit self system;};

51
nix/scripts/update.sh Normal file
View file

@ -0,0 +1,51 @@
#!/bin/bash
set -eu
# The backticks aren't supposed to be shell expansion
# shellcheck disable=SC2016
echo 'Note: Update the flake inputs with `nix flake update --commit-lockfile *first*`'
# Make sure we're at the repo root
cd "$(git rev-parse --show-toplevel)" || exit
# Update cargo deps
cd server || exit
cargo update
if ! git diff --quiet Cargo.lock Cargo.toml; then
git commit -m 'server: Update cargo dependencies' Cargo.lock Cargo.toml
fi
# Update template deps
cd ../templates || exit
tmpdir="$(mktemp -dt 'npm-updates.XXXXXXXXXX')"
trap 'rm -r -- "$tmpdir"' EXIT
# Ensure package.json is up to date so that npm-check-updates can read
# it
yq --output-format json package.yaml > package.json
# Fetch package updates and prepare an update dict
yq -P eval-all '{"dependencies": select(fi==0)} * {"devDependencies": select(fi==1)}' \
<(npm-check-updates --dep prod --jsonUpgraded) \
<(npm-check-updates --dep dev --jsonUpgraded) \
> "$tmpdir/updates.yaml"
# Now apply these using yq
yq -P ". *= load(\"$tmpdir/updates.yaml\")" package.yaml > "$tmpdir/package.yaml.updated"
# yq's in-place replacement sadly doesn't persist newlines currently,
# so we need to apply the changes in a roundabout way using diff.
diff --ignore-blank-lines <(yq '.' package.yaml) "$tmpdir/package.yaml.updated" > "$tmpdir/update.patch" || true
patch --no-backup-if-mismatch --merge --input="$tmpdir/update.patch" package.yaml
# Update package.json again and get npm to update the package lock
# file
yq --output-format json package.yaml > package.json
npm install --package-lock-only
if ! git diff --quiet package.yaml package-lock.json; then
git commit -m 'templates: Update npm dependencies' package.yaml package-lock.json
fi

14
nix/update.nix Normal file
View file

@ -0,0 +1,14 @@
{
writeShellApplication,
cargo,
git,
nix,
npm,
npm-check-updates,
yq-go,
}:
writeShellApplication {
name = "update";
runtimeInputs = [cargo git nix npm npm-check-updates yq-go];
text = builtins.readFile ./scripts/update.sh;
}