From ec996ea2416e81031baa16d93e5f9bd7eb71b2d8 Mon Sep 17 00:00:00 2001
From: Update Bot <update-bot@private.storage>
Date: Fri, 15 Jul 2022 11:38:32 -0400
Subject: [PATCH] stop leaking variables left and right

---
 ci-tools/update-nixpkgs | 60 ++++++++++++++++++++---------------------
 1 file changed, 30 insertions(+), 30 deletions(-)

diff --git a/ci-tools/update-nixpkgs b/ci-tools/update-nixpkgs
index c192cc8a..e9696325 100755
--- a/ci-tools/update-nixpkgs
+++ b/ci-tools/update-nixpkgs
@@ -12,44 +12,43 @@ set -eux -o pipefail
 main() {
     # This is a base64-encoded OpenSSH-format SSH private key that we can use
     # to push and pull with git over ssh.
-    SSHKEY=$1
+    local SSHKEY=$1
     shift
 
     # This is a GitLab authentication token we can use to make API calls onto
     # GitLab.
-    TOKEN=$1
+    local TOKEN=$1
     shift
 
     # This is the hostname of the GitLab instance where the project lives.
-    HOST=$1
+    local HOST=$1
     shift
 
     # This is the "group/project"-style identifier for the project we're working
     # with.
-    SLUG=$1
+    local SLUG=$1
     shift
 
     # The GitLab id of the project (eg, from CI_PROJECT_ID in the CI
     # environment).
-    PROJECT_ID=$1
+    local PROJECT_ID=$1
     shift
 
     # Only proceed if we have an ssh-agent.
     check_agent
 
     # Pick a branch name into which to push our work.
-    SOURCE_BRANCH="nixpkgs-upgrade-$(date +%Y-%m-%d)"
+    local SOURCE_BRANCH="nixpkgs-upgrade-$(date +%Y-%m-%d)"
 
     setup_git
     checkout_source_branch "$SSHKEY" "$HOST" "$SLUG" "$SOURCE_BRANCH"
     build "result-before"
-    if ! update_nixpkgs; then
-	# If nothing changed, that's okay, just stop here.
-	echo "No changes."
-        exit 0
-    fi
+
+    # If nothing changed, update_nixpkgs will just exit for us.
+    update_nixpkgs
+
     build "result-after"
-    DIFF=$(compute_diff "./result-before" "./result-after")
+    local DIFF=$(compute_diff "./result-before" "./result-after")
     commit_and_push "$SSHKEY" "$SOURCE_BRANCH" "$DIFF"
     create_merge_request "$HOST" "$TOKEN" "$PROJECT_ID" "$SOURCE_BRANCH" "$DIFF"
 }
@@ -58,7 +57,7 @@ main() {
 # may have a limited lifetime in the agent so operations that are going to
 # require the key should refresh it immediately before starting.
 refresh_ssh_key() {
-    KEY_BASE64=$1
+    local KEY_BASE64=$1
     shift
 
     # A GitLab CI/CD variable set for us to use.
@@ -90,13 +89,13 @@ check_agent() {
 # Make a fresh clone of the repository, make it our working directory, and
 # check out the branch we intend to commit to (the "source" of the MR).
 checkout_source_branch() {
-    SSHKEY=$1
+    local SSHKEY=$1
     shift
-    HOST=$1
+    local HOST=$1
     shift
-    SLUG=$1
+    local SLUG=$1
     shift
-    BRANCH=$1
+    local BRANCH=$1
     shift
 
     # To avoid messing with the checkout we're running from (which GitLab
@@ -120,7 +119,7 @@ checkout_source_branch() {
 # compute later.
 build() {
     # The name of the nix result symlink.
-    RESULT=$1
+    local RESULT=$1
     shift
 
     # The local grid can only build if you populate its users.
@@ -140,16 +139,17 @@ update_nixpkgs() {
     # Show us what we did - and signal a kind of error if we did nothing
     # (expected in the case where nixpkgs hasn't changed since we last ran).
     if git diff --exit-code; then
-	exit 1
+	echo "No changes."
+	exit 0
     fi
 }
 
 # Return a description of the package changes resulting from the dependency
 # update.
 compute_diff() {
-    LEFT=$1
+    local LEFT=$1
     shift
-    RIGHT=$1
+    local RIGHT=$1
     shift
     nix --extra-experimental-features nix-command store diff-closures "$LEFT" "$RIGHT"
 }
@@ -157,11 +157,11 @@ compute_diff() {
 # Commit and push all changes in the working tree along with a description of
 # the package changes.
 commit_and_push() {
-    SSHKEY=$1
+    local SSHKEY=$1
     shift
-    BRANCH=$1
+    local BRANCH=$1
     shift
-    DIFF=$1
+    local DIFF=$1
     shift
 
     git commit -am "bump nixpkgs
@@ -177,18 +177,18 @@ $DIFF
 # Create a GitLab MR for the branch we just pushed, including a description of
 # the package changes it implies.
 create_merge_request() {
-    HOST=$1
+    local HOST=$1
     shift
-    TOKEN=$1
+    local TOKEN=$1
     shift
-    CI_PROJECT_ID=$1
+    local CI_PROJECT_ID=$1
     shift
-    BRANCH=$1
+    local BRANCH=$1
     shift
-    DIFF=$1
+    local DIFF=$1
     shift
 
-    BODY=$(python3 -c '
+    local BODY=$(python3 -c '
 import sys, json, re
 def rewrite_escapes(s):
     return re.sub(r"\x1b\[[^m]*m", "", s)
-- 
GitLab