From 6d8bcbb27b130c6de9d22d09fa4b0940ed5c14b6 Mon Sep 17 00:00:00 2001 From: m3tm3re Date: Wed, 25 Mar 2026 19:11:57 +0100 Subject: [PATCH] chore: ci-update --- .gitea/workflows/nix-update.yml | 121 ++++++++++++++------------------ flake.lock | 14 ++-- flake.nix | 2 +- pkgs/kestractl/update.sh | 16 ++++- pkgs/n8n/default.nix | 6 +- pkgs/openshell/update.sh | 17 ++++- 6 files changed, 91 insertions(+), 85 deletions(-) diff --git a/.gitea/workflows/nix-update.yml b/.gitea/workflows/nix-update.yml index 59851fd..332b429 100644 --- a/.gitea/workflows/nix-update.yml +++ b/.gitea/workflows/nix-update.yml @@ -179,94 +179,79 @@ jobs: is_custom_update_script() { local pkg=$1 local result - # nix-update-script returns a list like [ "/nix/store/...-nix-update/bin/nix-update" ] - # Custom scripts return a path like "/nix/store/.../update.sh" + # Custom scripts (./update.sh) become store paths ending in .sh + # nix-update-script produces a list with nix-update binary path result=$(nix eval --impure --raw --expr " - let + let flake = builtins.getFlake (toString ./.); pkg = flake.packages.\${builtins.currentSystem}.${pkg}; - script = pkg.passthru.updateScript or []; - in - if builtins.isPath script then - \"custom\" - else if builtins.isList script && builtins.length script > 0 then + script = pkg.passthru.updateScript or null; + in + if script == null then \"none\" + else if builtins.isPath script then \"custom\" + else if builtins.isString script then + (if builtins.match \".*\\.sh$\" script != null then \"custom\" else \"other\") + else if builtins.isList script then let first = builtins.head script; - in if builtins.isString first && builtins.match \".*/nix-update$\" first != null then - \"nix-update-script\" - else if builtins.isPath first then - \"custom\" - else - \"other\" - else if builtins.isAttrs script && script ? command then - if builtins.isPath script.command then \"custom\" - else if builtins.isList script.command && builtins.isPath (builtins.head script.command) then \"custom\" - else \"other\" - else - \"other\" + in if builtins.isString first && builtins.match \".*/nix-update$\" first != null + then \"nix-update-script\" + else \"custom\" + else if builtins.isAttrs script && script ? command then \"custom\" + else \"other\" " 2>/dev/null || echo "other") [[ "$result" == "custom" ]] } - # Run a custom update script directly (for packages like n8n) + # Run a custom update script directly + # Scripts must use nix-shell shebang for their own dependencies run_custom_update_script() { local pkg=$1 local before_hash=$(git rev-parse HEAD) - + echo " 🔧 Detected custom update script for $pkg" - - # Get package metadata for environment variables - local name pname version - name=$(nix eval --raw .#${pkg}.name 2>/dev/null || echo "$pkg") - pname=$(nix eval --raw .#${pkg}.pname 2>/dev/null || echo "$pkg") - version=$(nix eval --raw .#${pkg}.version 2>/dev/null || echo "unknown") - - # Run the custom script using nix develop - if nix develop --impure --expr " - with builtins; - let - flake = getFlake (toString ./.); - pkgs = flake.inputs.nixpkgs.legacyPackages.\${currentSystem}; - pkg' = flake.packages.\${currentSystem}.${pkg}; - script = pkg'.passthru.updateScript; - cmd = if isAttrs script then script.command else script; - scriptPath = if isList cmd then head cmd else cmd; - in pkgs.mkShell { - inputsFrom = [pkg']; - packages = with pkgs; [ curl jq git ]; - } - " --command bash -c " - export UPDATE_NIX_NAME='${name}' - export UPDATE_NIX_PNAME='${pname}' - export UPDATE_NIX_OLD_VERSION='${version}' - export UPDATE_NIX_ATTR_PATH='${pkg}' - - # Get the script path and execute it - script_path=\$(nix eval --impure --raw --expr ' - let - flake = builtins.getFlake (toString ./.); - pkg = flake.packages.\${builtins.currentSystem}.${pkg}; - script = pkg.passthru.updateScript; - cmd = if builtins.isAttrs script then script.command else script; - in if builtins.isList cmd then toString (builtins.head cmd) - else toString cmd - ' 2>/dev/null) - - if [ -n \"\$script_path\" ]; then - echo \"Running: \$script_path\" - bash \"\$script_path\" - fi - " 2>&1 | tee /tmp/update-${pkg}.log; then + + # Resolve the store path of the update script + local script_path + script_path=$(nix eval --impure --raw --expr " + let + flake = builtins.getFlake (toString ./.); + pkg = flake.packages.\${builtins.currentSystem}.${pkg}; + script = pkg.passthru.updateScript; + cmd = if builtins.isAttrs script then script.command + else if builtins.isList script then builtins.head script + else script; + in toString cmd + " 2>/dev/null) + + if [ -z "$script_path" ]; then + echo "❌ Could not resolve update script path for $pkg" + return 1 + fi + + # Set environment variables that nix-update would normally provide + export UPDATE_NIX_NAME=$(nix eval --raw .#${pkg}.name 2>/dev/null || echo "$pkg") + export UPDATE_NIX_PNAME=$(nix eval --raw .#${pkg}.pname 2>/dev/null || echo "$pkg") + export UPDATE_NIX_OLD_VERSION=$(nix eval --raw .#${pkg}.version 2>/dev/null || echo "unknown") + export UPDATE_NIX_ATTR_PATH="$pkg" + + echo " Running: $script_path" + if bash "$script_path" 2>&1 | tee /tmp/update-${pkg}.log; then if [ "$(check_commit "$before_hash")" = "true" ]; then echo "✅ Updated $pkg (via custom script)" return 0 fi + # Script succeeded but no commit — may already be up to date + if grep -q "already at latest\|nothing to do" /tmp/update-${pkg}.log; then + echo "✓ $pkg already up to date" + return 1 + fi fi - + # Clean up on failure git checkout -- . 2>/dev/null || true git clean -fd 2>/dev/null || true - - if ! grep -q "already up to date\|No new version found" /tmp/update-${pkg}.log; then + + if ! grep -q "already at latest\|nothing to do\|No new version found" /tmp/update-${pkg}.log; then echo "⚠️ Custom update script failed for $pkg" fi return 1 diff --git a/flake.lock b/flake.lock index 1d1e4b2..2b6d779 100644 --- a/flake.lock +++ b/flake.lock @@ -18,11 +18,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1774359777, - "narHash": "sha256-O1rLshVxPjevFoLsmxH9MFfuKOs0o5R6RKgDQdEPhc4=", + "lastModified": 1774459280, + "narHash": "sha256-pSoDFN/r8sgnGcTWRwahIUaGBaAEFcG80D3OKJugZRc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4dadc5203f16ccff702e755fb59175a972604ac5", + "rev": "6e80a55cd41cd97903fdbd080154450651b694f3", "type": "github" }, "original": { @@ -39,16 +39,16 @@ ] }, "locked": { - "lastModified": 1774222321, - "narHash": "sha256-JQsccVflS/GAjzguvZTLn7UH7tsou8yCSlaA48DVY10=", + "lastModified": 1774392635, + "narHash": "sha256-04eOIBHX9e8Brwn+uL/7q8szvRUilr4G0B8eB76dhKU=", "owner": "anomalyco", "repo": "opencode", - "rev": "eb3bfffad453f1c8c3f0f92bba0d8e34c83fa244", + "rev": "0dcdf5f529dced23d8452c9aa5f166abb24d8f7c", "type": "github" }, "original": { "owner": "anomalyco", - "ref": "v1.3.0", + "ref": "v1.3.2", "repo": "opencode", "type": "github" } diff --git a/flake.nix b/flake.nix index d5463bd..3448e8d 100644 --- a/flake.nix +++ b/flake.nix @@ -7,7 +7,7 @@ # opencode needs newer bun from master opencode = { - url = "github:anomalyco/opencode/v1.3.0"; + url = "github:anomalyco/opencode/v1.3.2"; inputs.nixpkgs.follows = "nixpkgs-master"; }; diff --git a/pkgs/kestractl/update.sh b/pkgs/kestractl/update.sh index 85f4280..8371611 100755 --- a/pkgs/kestractl/update.sh +++ b/pkgs/kestractl/update.sh @@ -1,9 +1,9 @@ -#!/usr/bin/env bash +#!/usr/bin/env nix-shell +#!nix-shell --pure -i bash -p bash curl jq nix cacert git set -euo pipefail # Update kestractl sources.json with the latest release from GitHub. -# Usage: ./update.sh -# Called automatically by: nix-update --update-script kestractl +# Usage: ./update.sh (or via nix-update --update-script) SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" SOURCES_FILE="$SCRIPT_DIR/sources.json" @@ -49,3 +49,13 @@ jq -n \ > "$SOURCES_FILE" echo "Updated $SOURCES_FILE to $VERSION" + +# Commit when running in CI or via nix-update +if [[ -d "$SCRIPT_DIR/../../.git" ]] || git rev-parse --is-inside-work-tree >/dev/null 2>&1; then + NIXPKGS_ROOT=$(git -C "$SCRIPT_DIR" rev-parse --show-toplevel 2>/dev/null || true) + if [[ -n "$NIXPKGS_ROOT" && -n "$(git -C "$NIXPKGS_ROOT" status --porcelain "$SOURCES_FILE")" ]]; then + git -C "$NIXPKGS_ROOT" add "$SOURCES_FILE" + git -C "$NIXPKGS_ROOT" commit -m "kestractl: ${CURRENT_VERSION} -> ${VERSION}" + echo "Committed update to git" + fi +fi diff --git a/pkgs/n8n/default.nix b/pkgs/n8n/default.nix index 91b1bc2..bea4a09 100644 --- a/pkgs/n8n/default.nix +++ b/pkgs/n8n/default.nix @@ -25,20 +25,20 @@ in stdenv.mkDerivation (finalAttrs: { pname = "n8n"; - version = "2.11.4"; + version = "2.13.3"; src = fetchFromGitHub { owner = "n8n-io"; repo = "n8n"; tag = "n8n@${finalAttrs.version}"; - hash = "sha256-mhfVipTAoHCY1BPSV5Ge1iQpa/LaUCw2aiI3KFkW0CI="; + hash = "sha256-ErChLX9bzOABz1hM4YuB2horhTWR4tskItx5rE0zR8g="; }; pnpmDeps = fetchPnpmDeps { inherit (finalAttrs) pname version src; pnpm = pnpm_10; fetcherVersion = 3; - hash = "sha256-fWE/uJTs7lawbVu7iDSrpufqFaOkzFc5jjTD8u3Drok="; + hash = "sha256-SyGVhJ1kKH209TQken89RnBpZ7K3agHPN0jSmoFtX6c="; }; nativeBuildInputs = diff --git a/pkgs/openshell/update.sh b/pkgs/openshell/update.sh index 85331b0..d52e36b 100755 --- a/pkgs/openshell/update.sh +++ b/pkgs/openshell/update.sh @@ -1,9 +1,9 @@ -#!/usr/bin/env bash +#!/usr/bin/env nix-shell +#!nix-shell --pure -i bash -p bash curl jq nix cacert git set -euo pipefail # Update openshell sources.json with the latest release from GitHub. -# Usage: ./update.sh -# Called automatically by: nix-update --update-script openshell +# Usage: ./update.sh (or via nix-update --update-script) SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" SOURCES_FILE="$SCRIPT_DIR/sources.json" @@ -50,3 +50,14 @@ jq -n \ > "$SOURCES_FILE" echo "Updated $SOURCES_FILE to $VERSION" + +# Commit when running in CI or via nix-update +if [[ -d "$SCRIPT_DIR/../../.git" ]] || git rev-parse --is-inside-work-tree >/dev/null 2>&1; then + NIXPKGS_ROOT=$(git -C "$SCRIPT_DIR" rev-parse --show-toplevel 2>/dev/null || true) + if [[ -n "$NIXPKGS_ROOT" && -n "$(git -C "$NIXPKGS_ROOT" status --porcelain "$SOURCES_FILE")" ]]; then + CLEAN_VERSION="${VERSION#v}" + git -C "$NIXPKGS_ROOT" add "$SOURCES_FILE" + git -C "$NIXPKGS_ROOT" commit -m "openshell: ${CURRENT_VERSION#v} -> ${CLEAN_VERSION}" + echo "Committed update to git" + fi +fi