diff --git a/.buildkite/updates.yml b/.buildkite/updates.yml index 6cfcea94..86be2482 100644 --- a/.buildkite/updates.yml +++ b/.buildkite/updates.yml @@ -4,6 +4,8 @@ steps: - nix-build -I nixpkgs=channel:nixos-18.09 -A maintainer-scripts.update-hackage -o update-hackage.sh - echo "+++ Updating hackage.nix" - ./update-hackage.sh + artifact_paths: + - "hackage-src.json" agents: system: x86_64-linux @@ -12,5 +14,16 @@ steps: - nix-build -I nixpkgs=channel:nixos-18.09 -A maintainer-scripts.update-stackage -o update-stackage.sh - echo "+++ Updating stackage.nix" - ./update-stackage.sh + artifact_paths: + - "stackage-src.json" agents: system: x86_64-linux + + - wait: ~ + continue_on_failure: true + + - label: 'Update pins' + command: + - 'buildkite-agent artifact download "*.json" .' + - nix-build -A maintainer-scripts.update-pins -o update-pins.sh + - ./update-pins.sh diff --git a/default.nix b/default.nix index 23d351ba..47a3d283 100644 --- a/default.nix +++ b/default.nix @@ -116,6 +116,7 @@ let maintainer-scripts = { update-hackage = self.callPackage ./scripts/update-hackage.nix {}; update-stackage = self.callPackage ./scripts/update-stackage.nix {}; + update-pins = self.callPackage ./scripts/update-pins.nix {}; }; }); diff --git a/scripts/git.env b/scripts/git.env new file mode 100644 index 00000000..23a580d8 --- /dev/null +++ b/scripts/git.env @@ -0,0 +1,25 @@ +# Env variables and functions for updating git repos + +export GIT_COMMITTER_NAME="IOHK" +export GIT_COMMITTER_EMAIL="devops+nix-tools@iohk.io" +export GIT_AUTHOR_NAME="$GIT_COMMITTER_NAME" +export GIT_AUTHOR_EMAIL="$GIT_COMMITTER_EMAIL" + +use_ssh_key() { + sshkey=$1 + if [ -e $sshkey ] + then + echo "Authenticating using SSH with $sshkey" + export GIT_SSH_COMMAND="ssh -i $sshkey -F /dev/null" + else + echo "There is no SSH key at $sshkey" + echo "Git push may not work." + fi +} + +check_staged() { + if git diff-index --cached --quiet HEAD --; then + echo "No changes to commit, exiting." + exit 0 + fi +} diff --git a/scripts/update-external.nix b/scripts/update-external.nix index 0484cab8..4acf6ff6 100644 --- a/scripts/update-external.nix +++ b/scripts/update-external.nix @@ -19,27 +19,19 @@ in ${script} + source ${./git.env} + echo "Committing changes..." - export GIT_COMMITTER_NAME="IOHK" - export GIT_COMMITTER_EMAIL="devops+nix-tools@iohk.io" - export GIT_AUTHOR_NAME="$GIT_COMMITTER_NAME" - export GIT_AUTHOR_EMAIL="$GIT_COMMITTER_EMAIL" git add . - git commit --allow-empty --message "Automatic update for $(date)" + check_staged + git commit --message "Automatic update for $(date)" - rev=$(git rev-parse HEAD) - - if [ -e ${sshKey} ] - then - echo "Authenticating using SSH with ${sshKey}" - export GIT_SSH_COMMAND="ssh -i ${sshKey} -F /dev/null" - else - echo "There is no SSH key at ${sshKey}" - echo "Git push may not work." - fi + use_ssh_key ${sshKey} git push ${repoSSH} + rev=$(git rev-parse HEAD) + cd .. nix-prefetch-git ${repoHTTPS} --rev "$rev" | tee ${name}-src.json diff --git a/scripts/update-pins.nix b/scripts/update-pins.nix new file mode 100644 index 00000000..513c578d --- /dev/null +++ b/scripts/update-pins.nix @@ -0,0 +1,26 @@ +{ stdenv, writeScript, coreutils, glibc, git, openssh }@args: + +with stdenv.lib; + +let + repo = "git@github.com:input-output-hk/haskell.nix.git"; + sshKey = "/run/keys/buildkite-haskell-nix-ssh-private"; +in + writeScript "update-pins.sh" '' + #!${stdenv.shell} + + set -euo pipefail + + export PATH="${makeBinPath [ coreutils glibc git openssh ]}" + + source ${./git.env} + + git add *.json + check_staged + echo "Committing changes..." + git commit --message "Update Hackage and Stackage" + + use_ssh_key ${sshKey} + + git push ${repo} + ''