nixpkgs-update/src/Main.hs

{-# LANGUAGE ExtendedDefaultRules #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# OPTIONS_GHC -fno-warn-type-defaults #-}

module Main where

import Control.Applicative ((<**>))
import qualified Data.Text as T
import qualified Data.Text.IO as T
import DeleteMerged (deleteDone)
import NVD (withVulnDB)
import qualified Nix
import qualified Options.Applicative as O
import OurPrelude
import qualified Repology
import System.IO (BufferMode (..), hSetBuffering, stderr, stdout)
import System.Posix.Env (setEnv)
import Update (cveAll, cveReport, sourceGithubAll, updateAll)
import Utils (Options (..), UpdateEnv (..), setupNixpkgs)

default (T.Text)

newtype UpdateOptions
  = UpdateOptions
      { dry :: Bool
      }

data Command
  = UpdateList UpdateOptions
  | DeleteDone
  | Version
  | UpdateVulnDB
  | CheckAllVulnerable
  | SourceGithub
  | FetchRepology
  | CheckVulnerable Text Text Text

updateOptionsParser :: O.Parser Command
updateOptionsParser =
  UpdateList . UpdateOptions
    <$> O.switch
      ( O.long "dry-run"
          <> O.help
            "Do everything except actually pushing the updates to the remote repository"
      )

commandParser :: O.Parser Command
commandParser =
  O.hsubparser
    ( O.command
        "update-list"
        (O.info updateOptionsParser (O.progDesc "Update packages"))
        <> O.command
          "delete-done"
          ( O.info
              (pure DeleteDone)
              (O.progDesc "Deletes branches from PRs that were merged or closed")
          )
        <> O.command
          "version"
          ( O.info
              (pure Version)
              ( O.progDesc
                  "Displays version information for nixpkgs-update and dependencies"
              )
          )
        <> O.command
          "update-vulnerability-db"
          ( O.info
              (pure UpdateVulnDB)
              (O.progDesc "Updates the vulnerability database")
          )
        <> O.command
          "check-vulnerable"
          (O.info checkVulnerable (O.progDesc "checks if something is vulnerable"))
        <> O.command
          "check-all-vulnerable"
          ( O.info
              (pure CheckAllVulnerable)
              (O.progDesc "checks all packages to update for vulnerabilities")
          )
        <> O.command
          "source-github"
          (O.info (pure SourceGithub) (O.progDesc "looks for updates on GitHub"))
        <> O.command
          "fetch-repology"
          (O.info (pure FetchRepology) (O.progDesc "fetches update from Repology and prints them to stdout"))
    )

checkVulnerable :: O.Parser Command
checkVulnerable =
  CheckVulnerable <$> O.strArgument (O.metavar "PRODUCT_ID")
    <*> O.strArgument (O.metavar "OLD_VERSION")
    <*> O.strArgument (O.metavar "NEW_VERSION")

programInfo :: O.ParserInfo Command
programInfo =
  O.info
    (commandParser <**> O.helper)
    ( O.fullDesc
        <> O.progDesc "Update packages in the Nixpkgs repository"
        <> O.header "nixpkgs-update"
    )

getGithubToken :: IO Text
getGithubToken = T.strip <$> T.readFile "github_token.txt"

main :: IO ()
main = do
  hSetBuffering stdout LineBuffering
  hSetBuffering stderr LineBuffering
  command <- O.execParser programInfo
  case command of
    DeleteDone -> do
      token <- getGithubToken
      setupNixpkgs token
      setEnv "GITHUB_TOKEN" (T.unpack token) True
      deleteDone token
    UpdateList UpdateOptions {dry} -> do
      token <- getGithubToken
      updates <- T.readFile "packages-to-update.txt"
      setupNixpkgs token
      setEnv "PAGER" "" True
      setEnv "GITHUB_TOKEN" (T.unpack token) True
      setEnv "GC_INITIAL_HEAP_SIZE" "10g" True
      updateAll (Options dry token) updates
    Version -> do
      v <- runExceptT Nix.version
      case v of
        Left t -> T.putStrLn ("error:" <> t)
        Right t -> T.putStrLn t
    UpdateVulnDB -> withVulnDB $ \_conn -> pure ()
    CheckAllVulnerable -> do
      setupNixpkgs undefined
      updates <- T.readFile "packages-to-update.txt"
      cveAll (Options undefined undefined) updates
    CheckVulnerable productID oldVersion newVersion -> do
      setupNixpkgs undefined
      report <-
        cveReport
          (UpdateEnv productID oldVersion newVersion Nothing (Options False undefined))
      T.putStrLn report
    SourceGithub -> do
      token <- getGithubToken
      updates <- T.readFile "packages-to-update.txt"
      setupNixpkgs token
      setEnv "GITHUB_TOKEN" (T.unpack token) True
      sourceGithubAll (Options False token) updates
    FetchRepology -> Repology.fetch
wip: port to haskell 2018-03-31 06:07:46 +03:00			`{-# LANGUAGE ExtendedDefaultRules #-}`
Use CLI argument for dry-run mode Instead of DRY_RUN environment variable, we should now use more explicit `--dry-run` argument. 2019-01-18 11:20:47 +03:00			`{-# LANGUAGE NamedFieldPuns #-}`
bring formatting closer to hindent 2018-04-04 12:24:55 +03:00			`{-# LANGUAGE OverloadedStrings #-}`
wip: port to haskell 2018-03-31 06:07:46 +03:00			`{-# OPTIONS_GHC -fno-warn-type-defaults #-}`
bring formatting closer to hindent 2018-04-04 12:24:55 +03:00
introduce OurPrelude to reduce importing boilerplate 2018-12-24 02:02:54 +03:00			`module Main where`

			`import Control.Applicative ((<**>))`
wip: port to haskell 2018-03-31 06:07:46 +03:00			`import qualified Data.Text as T`
remove Shelly from Main 2018-07-11 05:30:34 +03:00			`import qualified Data.Text.IO as T`
add branch deletion for done PRs 2018-09-06 16:47:09 +03:00			`import DeleteMerged (deleteDone)`
add experimental CVE reporting 2019-10-07 02:17:08 +03:00			`import NVD (withVulnDB)`
Main: refactor so not every command has the same setup dependencies, use commands instead of switches 2019-09-08 02:48:10 +03:00			`import qualified Nix`
			`import qualified Options.Applicative as O`
integrate Repology fetching code 2020-01-20 02:13:28 +03:00			`import OurPrelude`
			`import qualified Repology`
			`import System.IO (BufferMode (..), hSetBuffering, stderr, stdout)`
fix issues with refactoring environment variables not accessible catching exceptions inside of shelly imprecise parsing in nix-build hash fetching 2019-03-21 08:27:20 +03:00			`import System.Posix.Env (setEnv)`
test checking GitHub for new versions 2019-10-13 00:37:34 +03:00			`import Update (cveAll, cveReport, sourceGithubAll, updateAll)`
integrate Repology fetching code 2020-01-20 02:13:28 +03:00			`import Utils (Options (..), UpdateEnv (..), setupNixpkgs)`
port delete-merged.sh 2018-04-04 02:03:46 +03:00
wip: port to haskell 2018-03-31 06:07:46 +03:00			`default (T.Text)`

integrate Repology fetching code 2020-01-20 02:13:28 +03:00			`newtype UpdateOptions`
			`= UpdateOptions`
			`{ dry :: Bool`
			`}`
Use CLI argument for dry-run mode Instead of DRY_RUN environment variable, we should now use more explicit `--dry-run` argument. 2019-01-18 11:20:47 +03:00
Main: refactor so not every command has the same setup dependencies, use commands instead of switches 2019-09-08 02:48:10 +03:00			`data Command`
rename update to update-list 2020-01-26 01:37:29 +03:00			`= UpdateList UpdateOptions`
Main: refactor so not every command has the same setup dependencies, use commands instead of switches 2019-09-08 02:48:10 +03:00			`\| DeleteDone`
			`\| Version`
Merge branch 'cve' 2019-09-08 02:53:01 +03:00			`\| UpdateVulnDB`
add experimental CVE reporting 2019-10-07 02:17:08 +03:00			`\| CheckAllVulnerable`
test checking GitHub for new versions 2019-10-13 00:37:34 +03:00			`\| SourceGithub`
integrate Repology fetching code 2020-01-20 02:13:28 +03:00			`\| FetchRepology`
add experimental CVE reporting 2019-10-07 02:17:08 +03:00			`\| CheckVulnerable Text Text Text`
port delete-merged.sh 2018-04-04 02:03:46 +03:00
Main: refactor so not every command has the same setup dependencies, use commands instead of switches 2019-09-08 02:48:10 +03:00			`updateOptionsParser :: O.Parser Command`
			`updateOptionsParser =`
rename update to update-list 2020-01-26 01:37:29 +03:00			`UpdateList . UpdateOptions`
integrate Repology fetching code 2020-01-20 02:13:28 +03:00			`<$> O.switch`
			`( O.long "dry-run"`
			`<> O.help`
			`"Do everything except actually pushing the updates to the remote repository"`
			`)`
Use CLI argument for dry-run mode Instead of DRY_RUN environment variable, we should now use more explicit `--dry-run` argument. 2019-01-18 11:20:47 +03:00
Main: refactor so not every command has the same setup dependencies, use commands instead of switches 2019-09-08 02:48:10 +03:00			`commandParser :: O.Parser Command`
			`commandParser =`
			`O.hsubparser`
integrate Repology fetching code 2020-01-20 02:13:28 +03:00			`( O.command`
rename update to update-list 2020-01-26 01:37:29 +03:00			`"update-list"`
integrate Repology fetching code 2020-01-20 02:13:28 +03:00			`(O.info updateOptionsParser (O.progDesc "Update packages"))`
			`<> O.command`
			`"delete-done"`
			`( O.info`
			`(pure DeleteDone)`
			`(O.progDesc "Deletes branches from PRs that were merged or closed")`
			`)`
			`<> O.command`
			`"version"`
			`( O.info`
			`(pure Version)`
			`( O.progDesc`
			`"Displays version information for nixpkgs-update and dependencies"`
			`)`
			`)`
			`<> O.command`
			`"update-vulnerability-db"`
			`( O.info`
			`(pure UpdateVulnDB)`
			`(O.progDesc "Updates the vulnerability database")`
			`)`
			`<> O.command`
			`"check-vulnerable"`
			`(O.info checkVulnerable (O.progDesc "checks if something is vulnerable"))`
			`<> O.command`
			`"check-all-vulnerable"`
			`( O.info`
			`(pure CheckAllVulnerable)`
			`(O.progDesc "checks all packages to update for vulnerabilities")`
			`)`
			`<> O.command`
			`"source-github"`
			`(O.info (pure SourceGithub) (O.progDesc "looks for updates on GitHub"))`
			`<> O.command`
			`"fetch-repology"`
			`(O.info (pure FetchRepology) (O.progDesc "fetches update from Repology and prints them to stdout"))`
			`)`
Main: add commandline hook into the getCVEs function 2019-10-07 00:16:35 +03:00
			`checkVulnerable :: O.Parser Command`
			`checkVulnerable =`
integrate Repology fetching code 2020-01-20 02:13:28 +03:00			`CheckVulnerable <$> O.strArgument (O.metavar "PRODUCT_ID")`
			`<*> O.strArgument (O.metavar "OLD_VERSION")`
			`<*> O.strArgument (O.metavar "NEW_VERSION")`
Main: refactor so not every command has the same setup dependencies, use commands instead of switches 2019-09-08 02:48:10 +03:00
			`programInfo :: O.ParserInfo Command`
apply hindent default reformatting 2018-04-06 18:17:22 +03:00			`programInfo =`
Main: refactor so not every command has the same setup dependencies, use commands instead of switches 2019-09-08 02:48:10 +03:00			`O.info`
			`(commandParser <**> O.helper)`
integrate Repology fetching code 2020-01-20 02:13:28 +03:00			`( O.fullDesc`
			`<> O.progDesc "Update packages in the Nixpkgs repository"`
			`<> O.header "nixpkgs-update"`
			`)`
wip: port to haskell 2018-03-31 06:07:46 +03:00
Main: refactor so not every command has the same setup dependencies, use commands instead of switches 2019-09-08 02:48:10 +03:00			`getGithubToken :: IO Text`
			`getGithubToken = T.strip <$> T.readFile "github_token.txt"`
wip: port to haskell 2018-03-31 06:07:46 +03:00
			`main :: IO ()`
remove Shelly from Main 2018-07-11 05:30:34 +03:00			`main = do`
buffer stdout and stderr by line 2020-01-13 18:52:39 +03:00			`hSetBuffering stdout LineBuffering`
			`hSetBuffering stderr LineBuffering`
Main: refactor so not every command has the same setup dependencies, use commands instead of switches 2019-09-08 02:48:10 +03:00			`command <- O.execParser programInfo`
			`case command of`
			`DeleteDone -> do`
			`token <- getGithubToken`
			`setupNixpkgs token`
			`setEnv "GITHUB_TOKEN" (T.unpack token) True`
			`deleteDone token`
rename update to update-list 2020-01-26 01:37:29 +03:00			`UpdateList UpdateOptions {dry} -> do`
Main: refactor so not every command has the same setup dependencies, use commands instead of switches 2019-09-08 02:48:10 +03:00			`token <- getGithubToken`
			`updates <- T.readFile "packages-to-update.txt"`
			`setupNixpkgs token`
			`setEnv "PAGER" "" True`
			`setEnv "GITHUB_TOKEN" (T.unpack token) True`
			`setEnv "GC_INITIAL_HEAP_SIZE" "10g" True`
			`updateAll (Options dry token) updates`
			`Version -> do`
fix hlint warnings 2019-09-26 16:56:49 +03:00			`v <- runExceptT Nix.version`
Main: refactor so not every command has the same setup dependencies, use commands instead of switches 2019-09-08 02:48:10 +03:00			`case v of`
			`Left t -> T.putStrLn ("error:" <> t)`
			`Right t -> T.putStrLn t`
Properly check if database is out of date 2019-10-01 13:49:24 +03:00			`UpdateVulnDB -> withVulnDB $ \_conn -> pure ()`
add experimental CVE reporting 2019-10-07 02:17:08 +03:00			`CheckAllVulnerable -> do`
indicate if a CVE has been patched 2019-10-28 17:41:45 +03:00			`setupNixpkgs undefined`
add experimental CVE reporting 2019-10-07 02:17:08 +03:00			`updates <- T.readFile "packages-to-update.txt"`
			`cveAll (Options undefined undefined) updates`
			`CheckVulnerable productID oldVersion newVersion -> do`
indicate if a CVE has been patched 2019-10-28 17:41:45 +03:00			`setupNixpkgs undefined`
add experimental CVE reporting 2019-10-07 02:17:08 +03:00			`report <-`
			`cveReport`
Explicitly specify source URL (fixes #140) 2020-02-03 22:44:58 +03:00			`(UpdateEnv productID oldVersion newVersion Nothing (Options False undefined))`
add experimental CVE reporting 2019-10-07 02:17:08 +03:00			`T.putStrLn report`
test checking GitHub for new versions 2019-10-13 00:37:34 +03:00			`SourceGithub -> do`
			`token <- getGithubToken`
			`updates <- T.readFile "packages-to-update.txt"`
			`setupNixpkgs token`
			`setEnv "GITHUB_TOKEN" (T.unpack token) True`
			`sourceGithubAll (Options False token) updates`
integrate Repology fetching code 2020-01-20 02:13:28 +03:00			`FetchRepology -> Repology.fetch`