Newer
Older
#!nix-shell -i bash -p nixUnstable git openssh curl
# ^^
# we get nixUnstable for the diff-closures command, mostly.
# we need git to commit and push our changes
# we need openssh for ssh-agent to authenticate the push
# we need curl to create the gitlab MR
setup_ssh() {
# -s makes the output sh compatible, in case it can't detect this for
# itself.
eval $(ssh-agent -s)
# A GitLab CI/CD variable set for us to use.
echo "${UPDATE_NIXPKGS_PRIVATE_SSHKEY_BASE64}" | base64 -d | ssh-add -
# We may not know the git/ssh server's host key yet. In that case, learn
# it and proceed.
export GIT_SSH_COMMAND="ssh -o StrictHostKeyChecking=accept-new"
}
setup_git() {
git config --global user.email "update-bot@private.storage"
git config --global user.name "Update Bot"
git remote add origin "gitlab@${HOST}:PrivateStorage/PrivateStorageio.git" || true
}
setup_ssh
setup_git
TARGET_BRANCH="nixpkgs-upgrade-$(date +%Y-%m-%d)"
echo '{}' > morph/grid/local/public-keys/users.nix
# nix-build -A morph -o result-before
git checkout "${TARGET_BRANCH}" || git checkout -b "${TARGET_BRANCH}"
# Spawn *another* nix-shell that has the *other* update-nixpkgs tool. Should
# sort out this mess sooner rather than later...
if git diff --exit-code origin/develop...; then
echo "No changes."
exit 0
fi
# nix-build -A morph -o result-after
# diff=$(nix --extra-experimental-features nix-command store diff-closures ./result-before/ ./result-after/)
git commit -am "bump nixpkgs version"
git push origin "${TARGET_BRANCH}:${TARGET_BRANCH}"
BODY=$(cat <<EOF
{
"id": ${CI_PROJECT_ID},
"source_branch": "${CI_COMMIT_REF_NAME}",
"target_branch": "${TARGET_BRANCH}",
"remove_source_branch": true,
"title": "WIP: ${CI_COMMIT_REF_NAME}",
"assignee_id":"jcalderone"
}
EOF
)
curl -X POST --data "${BODY}" --header "Content-Type: application/json" --header "PRIVATE-TOKEN: ${UPDATE_NIXPKGS_PRIVATE_TOKEN}" "${HOST}/api/v4/projects/merge_requests"