nixpkgs-update/app/Main.hs

{-# LANGUAGE ExtendedDefaultRules #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# OPTIONS_GHC -fno-warn-type-defaults #-}

module Main where

import Control.Applicative ((<**>))
import qualified Data.Text as T
import qualified Data.Text.IO as T
import DeleteMerged (deleteDone)
import Git
import qualified GitHub as GH
import NVD (withVulnDB)
import qualified Nix
import qualified Options.Applicative as O
import OurPrelude
import qualified Repology
import System.IO (BufferMode (..), hSetBuffering, stderr, stdout)
import qualified System.Posix.Env as P
import Update (cveAll, cveReport, sourceGithubAll, updatePackage)
import Utils (Options (..), UpdateEnv (..), getGithubToken, getGithubUser)

default (T.Text)

data UpdateOptions = UpdateOptions
  { pr :: Bool,
    cve :: Bool,
    nixpkgsReview :: Bool,
    outpaths :: Bool,
    attrpathOpt :: Bool
  }

data Command
  = Update UpdateOptions Text
  | UpdateBatch UpdateOptions Text
  | DeleteDone Bool
  | Version
  | UpdateVulnDB
  | CheckAllVulnerable
  | SourceGithub
  | FetchRepology
  | CheckVulnerable Text Text Text

updateOptionsParser :: O.Parser UpdateOptions
updateOptionsParser =
  UpdateOptions
    <$> O.flag False True (O.long "pr" <> O.help "Make a pull request using Hub.")
    <*> O.flag False True (O.long "cve" <> O.help "Make a CVE vulnerability report.")
    <*> O.flag False True (O.long "nixpkgs-review" <> O.help "Runs nixpkgs-review on update commit rev")
    <*> O.flag False True (O.long "outpaths" <> O.help "Calculate outpaths to determine the branch to target")
    <*> O.flag False True (O.long "attrpath" <> O.help "UPDATE_INFO uses the exact attrpath.")

updateParser :: O.Parser Command
updateParser =
  Update
    <$> updateOptionsParser
    <*> O.strArgument (O.metavar "UPDATE_INFO" <> O.help "update string of the form: 'pkg oldVer newVer update-page'\n\n example: 'tflint 0.15.0 0.15.1 repology.org'")

updateBatchParser :: O.Parser Command
updateBatchParser =
  UpdateBatch
    <$> updateOptionsParser
    <*> O.strArgument (O.metavar "UPDATE_INFO" <> O.help "update string of the form: 'pkg oldVer newVer update-page'\n\n example: 'tflint 0.15.0 0.15.1 repology.org'")

deleteDoneParser :: O.Parser Command
deleteDoneParser =
  DeleteDone
    <$> O.flag False True (O.long "delete" <> O.help "Actually delete the done branches. Otherwise just prints the branches to delete.")

commandParser :: O.Parser Command
commandParser =
  O.hsubparser
    ( O.command
        "update"
        (O.info (updateParser) (O.progDesc "Update one package"))
        <> O.command
          "update-batch"
          (O.info (updateBatchParser) (O.progDesc "Update one package in batch mode."))
        <> O.command
          "delete-done"
          ( O.info
              deleteDoneParser
              (O.progDesc "Deletes branches from PRs that were merged or closed")
          )
        <> O.command
          "version"
          ( O.info
              (pure Version)
              ( O.progDesc
                  "Displays version information for nixpkgs-update and dependencies"
              )
          )
        <> O.command
          "update-vulnerability-db"
          ( O.info
              (pure UpdateVulnDB)
              (O.progDesc "Updates the vulnerability database")
          )
        <> O.command
          "check-vulnerable"
          (O.info checkVulnerable (O.progDesc "checks if something is vulnerable"))
        <> O.command
          "check-all-vulnerable"
          ( O.info
              (pure CheckAllVulnerable)
              (O.progDesc "checks all packages to update for vulnerabilities")
          )
        <> O.command
          "source-github"
          (O.info (pure SourceGithub) (O.progDesc "looks for updates on GitHub"))
        <> O.command
          "fetch-repology"
          (O.info (pure FetchRepology) (O.progDesc "fetches update from Repology and prints them to stdout"))
    )

checkVulnerable :: O.Parser Command
checkVulnerable =
  CheckVulnerable
    <$> O.strArgument (O.metavar "PRODUCT_ID")
    <*> O.strArgument (O.metavar "OLD_VERSION")
    <*> O.strArgument (O.metavar "NEW_VERSION")

programInfo :: O.ParserInfo Command
programInfo =
  O.info
    (commandParser <**> O.helper)
    ( O.fullDesc
        <> O.progDesc "Update packages in the Nixpkgs repository"
        <> O.header "nixpkgs-update"
    )

main :: IO ()
main = do
  hSetBuffering stdout LineBuffering
  hSetBuffering stderr LineBuffering
  command <- O.execParser programInfo
  ghUser <- getGithubUser
  token <- fromMaybe "" <$> getGithubToken
  P.setEnv "GITHUB_TOKEN" (T.unpack token) True
  P.setEnv "GITHUB_API_TOKEN" (T.unpack token) True
  P.setEnv "PAGER" "" True
  case command of
    DeleteDone delete -> do
      setupNixpkgs $ GH.untagName ghUser
      deleteDone delete token ghUser
    Update UpdateOptions {pr, cve, nixpkgsReview, outpaths, attrpathOpt} update -> do
      setupNixpkgs $ GH.untagName ghUser
      updatePackage (Options pr False ghUser token cve nixpkgsReview outpaths attrpathOpt) update
    UpdateBatch UpdateOptions {pr, cve, nixpkgsReview, outpaths, attrpathOpt} update -> do
      setupNixpkgs $ GH.untagName ghUser
      updatePackage (Options pr True ghUser token cve nixpkgsReview outpaths attrpathOpt) update
    Version -> do
      v <- runExceptT Nix.version
      case v of
        Left t -> T.putStrLn ("error:" <> t)
        Right t -> T.putStrLn t
    UpdateVulnDB -> withVulnDB $ \_conn -> pure ()
    CheckAllVulnerable -> do
      setupNixpkgs $ GH.untagName ghUser
      updates <- T.readFile "packages-to-update.txt"
      cveAll undefined updates
    CheckVulnerable productID oldVersion newVersion -> do
      setupNixpkgs $ GH.untagName ghUser
      report <-
        cveReport
          (UpdateEnv productID oldVersion newVersion Nothing (Options False False ghUser token False False False False))
      T.putStrLn report
    SourceGithub -> do
      updates <- T.readFile "packages-to-update.txt"
      setupNixpkgs $ GH.untagName ghUser
      sourceGithubAll (Options False False ghUser token False False False False) updates
    FetchRepology -> Repology.fetch
wip: port to haskell 2018-03-31 06:07:46 +03:00			`{-# LANGUAGE ExtendedDefaultRules #-}`
Use CLI argument for dry-run mode Instead of DRY_RUN environment variable, we should now use more explicit `--dry-run` argument. 2019-01-18 11:20:47 +03:00			`{-# LANGUAGE NamedFieldPuns #-}`
bring formatting closer to hindent 2018-04-04 12:24:55 +03:00			`{-# LANGUAGE OverloadedStrings #-}`
wip: port to haskell 2018-03-31 06:07:46 +03:00			`{-# OPTIONS_GHC -fno-warn-type-defaults #-}`
bring formatting closer to hindent 2018-04-04 12:24:55 +03:00
introduce OurPrelude to reduce importing boilerplate 2018-12-24 02:02:54 +03:00			`module Main where`

			`import Control.Applicative ((<**>))`
wip: port to haskell 2018-03-31 06:07:46 +03:00			`import qualified Data.Text as T`
remove Shelly from Main 2018-07-11 05:30:34 +03:00			`import qualified Data.Text.IO as T`
add branch deletion for done PRs 2018-09-06 16:47:09 +03:00			`import DeleteMerged (deleteDone)`
fix delete-done, don't delete unless --delete passed fixes #213 2020-06-13 07:34:18 +03:00			`import Git`
Drop hub dependency Also be more permissive when a GitHub token isn't available. 2023-03-03 07:30:36 +03:00			`import qualified GitHub as GH`
add experimental CVE reporting 2019-10-07 02:17:08 +03:00			`import NVD (withVulnDB)`
Main: refactor so not every command has the same setup dependencies, use commands instead of switches 2019-09-08 02:48:10 +03:00			`import qualified Nix`
			`import qualified Options.Applicative as O`
integrate Repology fetching code 2020-01-20 02:13:28 +03:00			`import OurPrelude`
			`import qualified Repology`
			`import System.IO (BufferMode (..), hSetBuffering, stderr, stdout)`
only use GC_INITIAL_HEAP_SIZE for outpaths 2020-02-09 02:24:37 +03:00			`import qualified System.Posix.Env as P`
fix app 2023-01-05 07:29:13 +03:00			`import Update (cveAll, cveReport, sourceGithubAll, updatePackage)`
Pull GitHub Username from hub cfg instead of hard-coding r-ryantm Resolves #192 Also avoids the unqualified import on `GitHub` in GH.hs, since this lib's types are already complex/confusing enough without the ambiguity! 2020-06-07 05:11:23 +03:00			`import Utils (Options (..), UpdateEnv (..), getGithubToken, getGithubUser)`
port delete-merged.sh 2018-04-04 02:03:46 +03:00
wip: port to haskell 2018-03-31 06:07:46 +03:00			`default (T.Text)`

reformat all with ormolu 2020-07-21 15:36:23 +03:00			`data UpdateOptions = UpdateOptions`
			`{ pr :: Bool,`
			`cve :: Bool,`
			`nixpkgsReview :: Bool,`
add --atterpath flag to support exact attrpath update info 2021-08-27 22:15:26 +03:00			`outpaths :: Bool,`
			`attrpathOpt :: Bool`
reformat all with ormolu 2020-07-21 15:36:23 +03:00			`}`
Use CLI argument for dry-run mode Instead of DRY_RUN environment variable, we should now use more explicit `--dry-run` argument. 2019-01-18 11:20:47 +03:00
Main: refactor so not every command has the same setup dependencies, use commands instead of switches 2019-09-08 02:48:10 +03:00			`data Command`
remove update-list option; improve result logging 2023-01-05 07:25:21 +03:00			`= Update UpdateOptions Text`
add new UpdateBatch command 2022-07-07 18:01:40 +03:00			`\| UpdateBatch UpdateOptions Text`
fix delete-done, don't delete unless --delete passed fixes #213 2020-06-13 07:34:18 +03:00			`\| DeleteDone Bool`
Main: refactor so not every command has the same setup dependencies, use commands instead of switches 2019-09-08 02:48:10 +03:00			`\| Version`
Merge branch 'cve' 2019-09-08 02:53:01 +03:00			`\| UpdateVulnDB`
add experimental CVE reporting 2019-10-07 02:17:08 +03:00			`\| CheckAllVulnerable`
test checking GitHub for new versions 2019-10-13 00:37:34 +03:00			`\| SourceGithub`
integrate Repology fetching code 2020-01-20 02:13:28 +03:00			`\| FetchRepology`
add experimental CVE reporting 2019-10-07 02:17:08 +03:00			`\| CheckVulnerable Text Text Text`
port delete-merged.sh 2018-04-04 02:03:46 +03:00
add update command with --additionalUpdates switch 2020-02-09 20:13:46 +03:00			`updateOptionsParser :: O.Parser UpdateOptions`
Main: refactor so not every command has the same setup dependencies, use commands instead of switches 2019-09-08 02:48:10 +03:00			`updateOptionsParser =`
add update command with --additionalUpdates switch 2020-02-09 20:13:46 +03:00			`UpdateOptions`
improve ux for single update case * instead of --dry-run use --pr to indicate a PR is wanted * instead of additional updates, have update take the update as an argument * print out stdout instead of log file in the case of non-batch updates * print PR message to log even in the case of no PR 2020-04-06 03:23:12 +03:00			`<$> O.flag False True (O.long "pr" <> O.help "Make a pull request using Hub.")`
hide CVE reporting behind flag closes #183 2020-04-07 06:39:27 +03:00			`<*> O.flag False True (O.long "cve" <> O.help "Make a CVE vulnerability report.")`
optionally run nixpkgs-review 2020-04-13 02:36:59 +03:00			`<*> O.flag False True (O.long "nixpkgs-review" <> O.help "Runs nixpkgs-review on update commit rev")`
hide slow outpaths behind flag 2020-02-22 09:18:14 +03:00			`<*> O.flag False True (O.long "outpaths" <> O.help "Calculate outpaths to determine the branch to target")`
add --atterpath flag to support exact attrpath update info 2021-08-27 22:15:26 +03:00			`<*> O.flag False True (O.long "attrpath" <> O.help "UPDATE_INFO uses the exact attrpath.")`
Use CLI argument for dry-run mode Instead of DRY_RUN environment variable, we should now use more explicit `--dry-run` argument. 2019-01-18 11:20:47 +03:00
improve ux for single update case * instead of --dry-run use --pr to indicate a PR is wanted * instead of additional updates, have update take the update as an argument * print out stdout instead of log file in the case of non-batch updates * print PR message to log even in the case of no PR 2020-04-06 03:23:12 +03:00			`updateParser :: O.Parser Command`
			`updateParser =`
			`Update`
			`<$> updateOptionsParser`
			`<*> O.strArgument (O.metavar "UPDATE_INFO" <> O.help "update string of the form: 'pkg oldVer newVer update-page'\n\n example: 'tflint 0.15.0 0.15.1 repology.org'")`

Main: fix update-batch command parser 2022-07-28 06:24:10 +03:00			`updateBatchParser :: O.Parser Command`
			`updateBatchParser =`
			`UpdateBatch`
			`<$> updateOptionsParser`
			`<*> O.strArgument (O.metavar "UPDATE_INFO" <> O.help "update string of the form: 'pkg oldVer newVer update-page'\n\n example: 'tflint 0.15.0 0.15.1 repology.org'")`

fix delete-done, don't delete unless --delete passed fixes #213 2020-06-13 07:34:18 +03:00			`deleteDoneParser :: O.Parser Command`
			`deleteDoneParser =`
			`DeleteDone`
			`<$> O.flag False True (O.long "delete" <> O.help "Actually delete the done branches. Otherwise just prints the branches to delete.")`

Main: refactor so not every command has the same setup dependencies, use commands instead of switches 2019-09-08 02:48:10 +03:00			`commandParser :: O.Parser Command`
			`commandParser =`
			`O.hsubparser`
format 2024-04-03 01:01:16 +03:00			`( O.command`
			`"update"`
			`(O.info (updateParser) (O.progDesc "Update one package"))`
add new UpdateBatch command 2022-07-07 18:01:40 +03:00			`<> O.command`
			`"update-batch"`
Main: fix update-batch command parser 2022-07-28 06:24:10 +03:00			`(O.info (updateBatchParser) (O.progDesc "Update one package in batch mode."))`
integrate Repology fetching code 2020-01-20 02:13:28 +03:00			`<> O.command`
			`"delete-done"`
			`( O.info`
fix delete-done, don't delete unless --delete passed fixes #213 2020-06-13 07:34:18 +03:00			`deleteDoneParser`
integrate Repology fetching code 2020-01-20 02:13:28 +03:00			`(O.progDesc "Deletes branches from PRs that were merged or closed")`
			`)`
			`<> O.command`
			`"version"`
			`( O.info`
			`(pure Version)`
			`( O.progDesc`
			`"Displays version information for nixpkgs-update and dependencies"`
			`)`
			`)`
			`<> O.command`
			`"update-vulnerability-db"`
			`( O.info`
			`(pure UpdateVulnDB)`
			`(O.progDesc "Updates the vulnerability database")`
			`)`
			`<> O.command`
			`"check-vulnerable"`
			`(O.info checkVulnerable (O.progDesc "checks if something is vulnerable"))`
			`<> O.command`
			`"check-all-vulnerable"`
			`( O.info`
			`(pure CheckAllVulnerable)`
			`(O.progDesc "checks all packages to update for vulnerabilities")`
			`)`
			`<> O.command`
			`"source-github"`
			`(O.info (pure SourceGithub) (O.progDesc "looks for updates on GitHub"))`
			`<> O.command`
			`"fetch-repology"`
			`(O.info (pure FetchRepology) (O.progDesc "fetches update from Repology and prints them to stdout"))`
			`)`
Main: add commandline hook into the getCVEs function 2019-10-07 00:16:35 +03:00
			`checkVulnerable :: O.Parser Command`
			`checkVulnerable =`
format 2024-04-03 01:01:16 +03:00			`CheckVulnerable`
			`<$> O.strArgument (O.metavar "PRODUCT_ID")`
integrate Repology fetching code 2020-01-20 02:13:28 +03:00			`<*> O.strArgument (O.metavar "OLD_VERSION")`
			`<*> O.strArgument (O.metavar "NEW_VERSION")`
Main: refactor so not every command has the same setup dependencies, use commands instead of switches 2019-09-08 02:48:10 +03:00
			`programInfo :: O.ParserInfo Command`
apply hindent default reformatting 2018-04-06 18:17:22 +03:00			`programInfo =`
Main: refactor so not every command has the same setup dependencies, use commands instead of switches 2019-09-08 02:48:10 +03:00			`O.info`
			`(commandParser <**> O.helper)`
integrate Repology fetching code 2020-01-20 02:13:28 +03:00			`( O.fullDesc`
			`<> O.progDesc "Update packages in the Nixpkgs repository"`
			`<> O.header "nixpkgs-update"`
			`)`
wip: port to haskell 2018-03-31 06:07:46 +03:00
			`main :: IO ()`
remove Shelly from Main 2018-07-11 05:30:34 +03:00			`main = do`
buffer stdout and stderr by line 2020-01-13 18:52:39 +03:00			`hSetBuffering stdout LineBuffering`
			`hSetBuffering stderr LineBuffering`
Main: refactor so not every command has the same setup dependencies, use commands instead of switches 2019-09-08 02:48:10 +03:00			`command <- O.execParser programInfo`
Pull GitHub Username from hub cfg instead of hard-coding r-ryantm Resolves #192 Also avoids the unqualified import on `GitHub` in GH.hs, since this lib's types are already complex/confusing enough without the ambiguity! 2020-06-07 05:11:23 +03:00			`ghUser <- getGithubUser`
Drop hub dependency Also be more permissive when a GitHub token isn't available. 2023-03-03 07:30:36 +03:00			`token <- fromMaybe "" <$> getGithubToken`
Pull GitHub Username from hub cfg instead of hard-coding r-ryantm Resolves #192 Also avoids the unqualified import on `GitHub` in GH.hs, since this lib's types are already complex/confusing enough without the ambiguity! 2020-06-07 05:11:23 +03:00			`P.setEnv "GITHUB_TOKEN" (T.unpack token) True`
also set GITHUB_API_TOKEN jonringer says his python update script uses it 2020-10-11 22:35:18 +03:00			`P.setEnv "GITHUB_API_TOKEN" (T.unpack token) True`
Pull GitHub Username from hub cfg instead of hard-coding r-ryantm Resolves #192 Also avoids the unqualified import on `GitHub` in GH.hs, since this lib's types are already complex/confusing enough without the ambiguity! 2020-06-07 05:11:23 +03:00			`P.setEnv "PAGER" "" True`
Main: refactor so not every command has the same setup dependencies, use commands instead of switches 2019-09-08 02:48:10 +03:00			`case command of`
fix delete-done, don't delete unless --delete passed fixes #213 2020-06-13 07:34:18 +03:00			`DeleteDone delete -> do`
Drop hub dependency Also be more permissive when a GitHub token isn't available. 2023-03-03 07:30:36 +03:00			`setupNixpkgs $ GH.untagName ghUser`
fix delete-done, don't delete unless --delete passed fixes #213 2020-06-13 07:34:18 +03:00			`deleteDone delete token ghUser`
fix outpath evaluation 2021-11-13 22:58:24 +03:00			`Update UpdateOptions {pr, cve, nixpkgsReview, outpaths, attrpathOpt} update -> do`
Drop hub dependency Also be more permissive when a GitHub token isn't available. 2023-03-03 07:30:36 +03:00			`setupNixpkgs $ GH.untagName ghUser`
fix outpath evaluation 2021-11-13 22:58:24 +03:00			`updatePackage (Options pr False ghUser token cve nixpkgsReview outpaths attrpathOpt) update`
add new UpdateBatch command 2022-07-07 18:01:40 +03:00			`UpdateBatch UpdateOptions {pr, cve, nixpkgsReview, outpaths, attrpathOpt} update -> do`
Drop hub dependency Also be more permissive when a GitHub token isn't available. 2023-03-03 07:30:36 +03:00			`setupNixpkgs $ GH.untagName ghUser`
add new UpdateBatch command 2022-07-07 18:01:40 +03:00			`updatePackage (Options pr True ghUser token cve nixpkgsReview outpaths attrpathOpt) update`
Main: refactor so not every command has the same setup dependencies, use commands instead of switches 2019-09-08 02:48:10 +03:00			`Version -> do`
fix hlint warnings 2019-09-26 16:56:49 +03:00			`v <- runExceptT Nix.version`
Main: refactor so not every command has the same setup dependencies, use commands instead of switches 2019-09-08 02:48:10 +03:00			`case v of`
			`Left t -> T.putStrLn ("error:" <> t)`
			`Right t -> T.putStrLn t`
Properly check if database is out of date 2019-10-01 13:49:24 +03:00			`UpdateVulnDB -> withVulnDB $ \_conn -> pure ()`
add experimental CVE reporting 2019-10-07 02:17:08 +03:00			`CheckAllVulnerable -> do`
Drop hub dependency Also be more permissive when a GitHub token isn't available. 2023-03-03 07:30:36 +03:00			`setupNixpkgs $ GH.untagName ghUser`
add experimental CVE reporting 2019-10-07 02:17:08 +03:00			`updates <- T.readFile "packages-to-update.txt"`
hide CVE reporting behind flag closes #183 2020-04-07 06:39:27 +03:00			`cveAll undefined updates`
add experimental CVE reporting 2019-10-07 02:17:08 +03:00			`CheckVulnerable productID oldVersion newVersion -> do`
Drop hub dependency Also be more permissive when a GitHub token isn't available. 2023-03-03 07:30:36 +03:00			`setupNixpkgs $ GH.untagName ghUser`
add experimental CVE reporting 2019-10-07 02:17:08 +03:00			`report <-`
			`cveReport`
add --atterpath flag to support exact attrpath update info 2021-08-27 22:15:26 +03:00			`(UpdateEnv productID oldVersion newVersion Nothing (Options False False ghUser token False False False False))`
add experimental CVE reporting 2019-10-07 02:17:08 +03:00			`T.putStrLn report`
test checking GitHub for new versions 2019-10-13 00:37:34 +03:00			`SourceGithub -> do`
			`updates <- T.readFile "packages-to-update.txt"`
Drop hub dependency Also be more permissive when a GitHub token isn't available. 2023-03-03 07:30:36 +03:00			`setupNixpkgs $ GH.untagName ghUser`
add --atterpath flag to support exact attrpath update info 2021-08-27 22:15:26 +03:00			`sourceGithubAll (Options False False ghUser token False False False False) updates`
integrate Repology fetching code 2020-01-20 02:13:28 +03:00			`FetchRepology -> Repology.fetch`