nixpkgs-update/src/Main.hs

{-# LANGUAGE ExtendedDefaultRules #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# OPTIONS_GHC -fno-warn-type-defaults #-}

module Main where

import OurPrelude

import Control.Applicative ((<**>))
import qualified Data.Text as T
import qualified Data.Text.IO as T
import DeleteMerged (deleteDone)
import NVD (withVulnDB)
import qualified Nix
import qualified Options.Applicative as O
import System.Posix.Env (setEnv)
import Update (cveAll, cveReport, sourceGithubAll, updateAll)
import Utils (Options(..), UpdateEnv(..), setupNixpkgs)

default (T.Text)

newtype UpdateOptions =
  UpdateOptions
    { dry :: Bool
    }

data Command
  = Update UpdateOptions
  | DeleteDone
  | Version
  | UpdateVulnDB
  | CheckAllVulnerable
  | SourceGithub
  | CheckVulnerable Text Text Text

updateOptionsParser :: O.Parser Command
updateOptionsParser =
  Update . UpdateOptions <$>
  O.switch
    (O.long "dry-run" <>
     O.help
       "Do everything except actually pushing the updates to the remote repository")

commandParser :: O.Parser Command
commandParser =
  O.hsubparser
    (O.command
       "update"
       (O.info updateOptionsParser (O.progDesc "Update packages")) <>
     O.command
       "delete-done"
       (O.info
          (pure DeleteDone)
          (O.progDesc "Deletes branches from PRs that were merged or closed")) <>
     O.command
       "version"
       (O.info
          (pure Version)
          (O.progDesc
             "Displays version information for nixpkgs-update and dependencies")) <>
     O.command
       "update-vulnerability-db"
       (O.info
          (pure UpdateVulnDB)
          (O.progDesc "Updates the vulnerability database")) <>
     O.command
       "check-vulnerable"
       (O.info checkVulnerable (O.progDesc "checks if something is vulnerable")) <>
     O.command
       "check-all-vulnerable"
       (O.info
          (pure CheckAllVulnerable)
          (O.progDesc "checks all packages to update for vulnerabilities")) <>
     O.command
       "source-github"
       (O.info (pure SourceGithub) (O.progDesc "looks for updates on GitHub")))

checkVulnerable :: O.Parser Command
checkVulnerable =
  CheckVulnerable <$> O.strArgument (O.metavar "PRODUCT_ID") <*>
  O.strArgument (O.metavar "OLD_VERSION") <*>
  O.strArgument (O.metavar "NEW_VERSION")

programInfo :: O.ParserInfo Command
programInfo =
  O.info
    (commandParser <**> O.helper)
    (O.fullDesc <>
     O.progDesc "Update packages in the Nixpkgs repository" <>
     O.header "nixpkgs-update")

getGithubToken :: IO Text
getGithubToken = T.strip <$> T.readFile "github_token.txt"

main :: IO ()
main = do
  command <- O.execParser programInfo
  case command of
    DeleteDone -> do
      token <- getGithubToken
      setupNixpkgs token
      setEnv "GITHUB_TOKEN" (T.unpack token) True
      deleteDone token
    Update UpdateOptions {dry} -> do
      token <- getGithubToken
      updates <- T.readFile "packages-to-update.txt"
      setupNixpkgs token
      setEnv "PAGER" "" True
      setEnv "GITHUB_TOKEN" (T.unpack token) True
      setEnv "GC_INITIAL_HEAP_SIZE" "10g" True
      updateAll (Options dry token) updates
    Version -> do
      v <- runExceptT Nix.version
      case v of
        Left t -> T.putStrLn ("error:" <> t)
        Right t -> T.putStrLn t
    UpdateVulnDB -> withVulnDB $ \_conn -> pure ()
    CheckAllVulnerable -> do
      setupNixpkgs undefined
      updates <- T.readFile "packages-to-update.txt"
      cveAll (Options undefined undefined) updates
    CheckVulnerable productID oldVersion newVersion -> do
      setupNixpkgs undefined
      report <-
        cveReport
          (UpdateEnv productID oldVersion newVersion (Options False undefined))
      T.putStrLn report
    SourceGithub -> do
      token <- getGithubToken
      updates <- T.readFile "packages-to-update.txt"
      setupNixpkgs token
      setEnv "GITHUB_TOKEN" (T.unpack token) True
      sourceGithubAll (Options False token) updates
wip: port to haskell 2018-03-31 06:07:46 +03:00			`{-# LANGUAGE ExtendedDefaultRules #-}`
Use CLI argument for dry-run mode Instead of DRY_RUN environment variable, we should now use more explicit `--dry-run` argument. 2019-01-18 11:20:47 +03:00			`{-# LANGUAGE NamedFieldPuns #-}`
bring formatting closer to hindent 2018-04-04 12:24:55 +03:00			`{-# LANGUAGE OverloadedStrings #-}`
wip: port to haskell 2018-03-31 06:07:46 +03:00			`{-# OPTIONS_GHC -fno-warn-type-defaults #-}`
bring formatting closer to hindent 2018-04-04 12:24:55 +03:00
introduce OurPrelude to reduce importing boilerplate 2018-12-24 02:02:54 +03:00			`module Main where`

			`import OurPrelude`

			`import Control.Applicative ((<**>))`
wip: port to haskell 2018-03-31 06:07:46 +03:00			`import qualified Data.Text as T`
remove Shelly from Main 2018-07-11 05:30:34 +03:00			`import qualified Data.Text.IO as T`
add branch deletion for done PRs 2018-09-06 16:47:09 +03:00			`import DeleteMerged (deleteDone)`
add experimental CVE reporting 2019-10-07 02:17:08 +03:00			`import NVD (withVulnDB)`
Main: refactor so not every command has the same setup dependencies, use commands instead of switches 2019-09-08 02:48:10 +03:00			`import qualified Nix`
			`import qualified Options.Applicative as O`
fix issues with refactoring environment variables not accessible catching exceptions inside of shelly imprecise parsing in nix-build hash fetching 2019-03-21 08:27:20 +03:00			`import System.Posix.Env (setEnv)`
test checking GitHub for new versions 2019-10-13 00:37:34 +03:00			`import Update (cveAll, cveReport, sourceGithubAll, updateAll)`
add experimental CVE reporting 2019-10-07 02:17:08 +03:00			`import Utils (Options(..), UpdateEnv(..), setupNixpkgs)`
port delete-merged.sh 2018-04-04 02:03:46 +03:00
wip: port to haskell 2018-03-31 06:07:46 +03:00			`default (T.Text)`

fix hlint warnings 2019-09-26 16:56:49 +03:00			`newtype UpdateOptions =`
Main: refactor so not every command has the same setup dependencies, use commands instead of switches 2019-09-08 02:48:10 +03:00			`UpdateOptions`
			`{ dry :: Bool`
Main: remove UpdateMergeBase option which actually did nothing yet 2019-08-25 00:03:30 +03:00			`}`
Use CLI argument for dry-run mode Instead of DRY_RUN environment variable, we should now use more explicit `--dry-run` argument. 2019-01-18 11:20:47 +03:00
Main: refactor so not every command has the same setup dependencies, use commands instead of switches 2019-09-08 02:48:10 +03:00			`data Command`
			`= Update UpdateOptions`
			`\| DeleteDone`
			`\| Version`
Merge branch 'cve' 2019-09-08 02:53:01 +03:00			`\| UpdateVulnDB`
add experimental CVE reporting 2019-10-07 02:17:08 +03:00			`\| CheckAllVulnerable`
test checking GitHub for new versions 2019-10-13 00:37:34 +03:00			`\| SourceGithub`
add experimental CVE reporting 2019-10-07 02:17:08 +03:00			`\| CheckVulnerable Text Text Text`
port delete-merged.sh 2018-04-04 02:03:46 +03:00
Main: refactor so not every command has the same setup dependencies, use commands instead of switches 2019-09-08 02:48:10 +03:00			`updateOptionsParser :: O.Parser Command`
			`updateOptionsParser =`
fix hlint warnings 2019-09-26 16:56:49 +03:00			`Update . UpdateOptions <$>`
Main: refactor so not every command has the same setup dependencies, use commands instead of switches 2019-09-08 02:48:10 +03:00			`O.switch`
			`(O.long "dry-run" <>`
			`O.help`
Use CLI argument for dry-run mode Instead of DRY_RUN environment variable, we should now use more explicit `--dry-run` argument. 2019-01-18 11:20:47 +03:00			`"Do everything except actually pushing the updates to the remote repository")`

Main: refactor so not every command has the same setup dependencies, use commands instead of switches 2019-09-08 02:48:10 +03:00			`commandParser :: O.Parser Command`
			`commandParser =`
			`O.hsubparser`
fix hlint warnings 2019-09-26 16:56:49 +03:00			`(O.command`
			`"update"`
			`(O.info updateOptionsParser (O.progDesc "Update packages")) <>`
			`O.command`
			`"delete-done"`
			`(O.info`
			`(pure DeleteDone)`
			`(O.progDesc "Deletes branches from PRs that were merged or closed")) <>`
			`O.command`
			`"version"`
			`(O.info`
			`(pure Version)`
			`(O.progDesc`
			`"Displays version information for nixpkgs-update and dependencies")) <>`
			`O.command`
			`"update-vulnerability-db"`
			`(O.info`
			`(pure UpdateVulnDB)`
Main: add commandline hook into the getCVEs function 2019-10-07 00:16:35 +03:00			`(O.progDesc "Updates the vulnerability database")) <>`
			`O.command`
			`"check-vulnerable"`
add experimental CVE reporting 2019-10-07 02:17:08 +03:00			`(O.info checkVulnerable (O.progDesc "checks if something is vulnerable")) <>`
			`O.command`
			`"check-all-vulnerable"`
			`(O.info`
			`(pure CheckAllVulnerable)`
test checking GitHub for new versions 2019-10-13 00:37:34 +03:00			`(O.progDesc "checks all packages to update for vulnerabilities")) <>`
			`O.command`
			`"source-github"`
			`(O.info (pure SourceGithub) (O.progDesc "looks for updates on GitHub")))`
Main: add commandline hook into the getCVEs function 2019-10-07 00:16:35 +03:00
			`checkVulnerable :: O.Parser Command`
			`checkVulnerable =`
			`CheckVulnerable <$> O.strArgument (O.metavar "PRODUCT_ID") <*>`
add experimental CVE reporting 2019-10-07 02:17:08 +03:00			`O.strArgument (O.metavar "OLD_VERSION") <*>`
			`O.strArgument (O.metavar "NEW_VERSION")`
Main: refactor so not every command has the same setup dependencies, use commands instead of switches 2019-09-08 02:48:10 +03:00
			`programInfo :: O.ParserInfo Command`
apply hindent default reformatting 2018-04-06 18:17:22 +03:00			`programInfo =`
Main: refactor so not every command has the same setup dependencies, use commands instead of switches 2019-09-08 02:48:10 +03:00			`O.info`
			`(commandParser <**> O.helper)`
Main: add commandline hook into the getCVEs function 2019-10-07 00:16:35 +03:00			`(O.fullDesc <>`
			`O.progDesc "Update packages in the Nixpkgs repository" <>`
Main: refactor so not every command has the same setup dependencies, use commands instead of switches 2019-09-08 02:48:10 +03:00			`O.header "nixpkgs-update")`
wip: port to haskell 2018-03-31 06:07:46 +03:00
Main: refactor so not every command has the same setup dependencies, use commands instead of switches 2019-09-08 02:48:10 +03:00			`getGithubToken :: IO Text`
			`getGithubToken = T.strip <$> T.readFile "github_token.txt"`
wip: port to haskell 2018-03-31 06:07:46 +03:00
			`main :: IO ()`
remove Shelly from Main 2018-07-11 05:30:34 +03:00			`main = do`
Main: refactor so not every command has the same setup dependencies, use commands instead of switches 2019-09-08 02:48:10 +03:00			`command <- O.execParser programInfo`
			`case command of`
			`DeleteDone -> do`
			`token <- getGithubToken`
			`setupNixpkgs token`
			`setEnv "GITHUB_TOKEN" (T.unpack token) True`
			`deleteDone token`
fix hlint warnings 2019-09-26 16:56:49 +03:00			`Update UpdateOptions {dry} -> do`
Main: refactor so not every command has the same setup dependencies, use commands instead of switches 2019-09-08 02:48:10 +03:00			`token <- getGithubToken`
			`updates <- T.readFile "packages-to-update.txt"`
			`setupNixpkgs token`
			`setEnv "PAGER" "" True`
			`setEnv "GITHUB_TOKEN" (T.unpack token) True`
			`setEnv "GC_INITIAL_HEAP_SIZE" "10g" True`
			`updateAll (Options dry token) updates`
			`Version -> do`
fix hlint warnings 2019-09-26 16:56:49 +03:00			`v <- runExceptT Nix.version`
Main: refactor so not every command has the same setup dependencies, use commands instead of switches 2019-09-08 02:48:10 +03:00			`case v of`
			`Left t -> T.putStrLn ("error:" <> t)`
			`Right t -> T.putStrLn t`
Properly check if database is out of date 2019-10-01 13:49:24 +03:00			`UpdateVulnDB -> withVulnDB $ \_conn -> pure ()`
add experimental CVE reporting 2019-10-07 02:17:08 +03:00			`CheckAllVulnerable -> do`
indicate if a CVE has been patched 2019-10-28 17:41:45 +03:00			`setupNixpkgs undefined`
add experimental CVE reporting 2019-10-07 02:17:08 +03:00			`updates <- T.readFile "packages-to-update.txt"`
			`cveAll (Options undefined undefined) updates`
			`CheckVulnerable productID oldVersion newVersion -> do`
indicate if a CVE has been patched 2019-10-28 17:41:45 +03:00			`setupNixpkgs undefined`
add experimental CVE reporting 2019-10-07 02:17:08 +03:00			`report <-`
			`cveReport`
			`(UpdateEnv productID oldVersion newVersion (Options False undefined))`
			`T.putStrLn report`
test checking GitHub for new versions 2019-10-13 00:37:34 +03:00			`SourceGithub -> do`
			`token <- getGithubToken`
			`updates <- T.readFile "packages-to-update.txt"`
			`setupNixpkgs token`
			`setEnv "GITHUB_TOKEN" (T.unpack token) True`
			`sourceGithubAll (Options False token) updates`