Consume the newly available secrets that let us push and stuff

6b616186 · Jean-Paul Calderone · ab3c76c2 · 6b616186
Commit 6b616186 authored 2 years ago by Jean-Paul Calderone
--- a/ci-tools/update-nixpkgs
+++ b/ci-tools/update-nixpkgs
 #!/usr/bin/env nix-shell
-#!nix-shell -i sh -p nixUnstable git curl
+#!nix-shell -i sh -p nixUnstable git openssh curl
+# ^^
+# we get nixUnstable for the diff-closures command, mostly.
+# we need git to commit and push our changes
+# we need openssh for ssh-agent to authenticate the push
+# we need curl to create the gitlab MR
 set -eux -o pipefail
+setup_ssh() {
+    # -s makes the output sh compatible, in case it can't detect this for
+    # itself.
+    eval $(ssh-agent -s)
+    # A GitLab CI/CD variable set for us to use.
+    ssh-add <(echo "${UPDATE_NIXPKGS_PRIVATE_SSHKEY_BASE64}" | base64 -d)
+    # We may not know the git/ssh server's host key yet.  In that case, learn
+    # it and proceed.
+    export GIT_SSH_COMMAND="ssh -o StrictHostKeyChecking=accept-new"
+}
+setup_git() {
+    git config --global user.email "update-bot@private.storage"
+    git config --global user.name "Update Bot"
+}
+setup_ssh()
+setup_git()
 TARGET_BRANCH="nixpkgs-upgrade-$(date +%Y-%m-%d)"
 echo '{}' > morph/grid/local/public-keys/users.nix