optionally run nixpkgs-review

Ryan Mulligan 2020-04-12 16:36:59 -07:00
parent e4968ed9f5
commit 36f251fd73
15 changed files with 128 additions and 29 deletions


@ -107,6 +107,10 @@ nixpkgs-update supports interactive, single package updates via the
* `--cve`—adds CVE vulnerability reporting to the PR message. On * `--cve`—adds CVE vulnerability reporting to the PR message. On
first invocation with this option, a CVE database is first invocation with this option, a CVE database is
built. Subsequent invocations will be much faster. built. Subsequent invocations will be much faster.
* `--nixpkgs-review`—runs
[nixpkgs-review](https://github.com/Mic92/nixpkgs-review), which
tries to build all the packages that depend on the one being updated
and adds a report.
# Batch updates # Batch updates


@ -26,6 +26,7 @@ data UpdateOptions
{ pr :: Bool, { pr :: Bool,
cve :: Bool, cve :: Bool,
cachix :: Bool, cachix :: Bool,
nixpkgsReview :: Bool,
outpaths :: Bool outpaths :: Bool
} }
@ -46,6 +47,7 @@ updateOptionsParser =
<$> O.flag False True (O.long "pr" <> O.help "Make a pull request using Hub.") <$> O.flag False True (O.long "pr" <> O.help "Make a pull request using Hub.")
<*> O.flag False True (O.long "cve" <> O.help "Make a CVE vulnerability report.") <*> O.flag False True (O.long "cve" <> O.help "Make a CVE vulnerability report.")
<*> O.flag False True (O.long "cachix" <> O.help "Push changes to Cachix") <*> O.flag False True (O.long "cachix" <> O.help "Push changes to Cachix")
<*> O.flag False True (O.long "nixpkgs-review" <> O.help "Runs nixpkgs-review on update commit rev")
<*> O.flag False True (O.long "outpaths" <> O.help "Calculate outpaths to determine the branch to target") <*> O.flag False True (O.long "outpaths" <> O.help "Calculate outpaths to determine the branch to target")
updateParser :: O.Parser Command updateParser :: O.Parser Command
@ -126,19 +128,19 @@ main = do
setupNixpkgs token setupNixpkgs token
P.setEnv "GITHUB_TOKEN" (T.unpack token) True P.setEnv "GITHUB_TOKEN" (T.unpack token) True
deleteDone token deleteDone token
UpdateList UpdateOptions {pr, cachix, cve, outpaths} -> do UpdateList UpdateOptions {pr, cachix, cve, nixpkgsReview, outpaths} -> do
token <- getGithubToken token <- getGithubToken
updates <- T.readFile "packages-to-update.txt" updates <- T.readFile "packages-to-update.txt"
setupNixpkgs token setupNixpkgs token
P.setEnv "PAGER" "" True P.setEnv "PAGER" "" True
P.setEnv "GITHUB_TOKEN" (T.unpack token) True P.setEnv "GITHUB_TOKEN" (T.unpack token) True
updateAll (Options pr True token cve cachix outpaths) updates updateAll (Options pr True token cve cachix nixpkgsReview outpaths) updates
Update UpdateOptions {pr, cve, cachix} update -> do Update UpdateOptions {pr, cve, cachix, nixpkgsReview} update -> do
token <- getGithubToken token <- getGithubToken
setupNixpkgs token setupNixpkgs token
P.setEnv "PAGER" "" True P.setEnv "PAGER" "" True
P.setEnv "GITHUB_TOKEN" (T.unpack token) True P.setEnv "GITHUB_TOKEN" (T.unpack token) True
result <- updatePackage (Options pr False token cve cachix False) update result <- updatePackage (Options pr False token cve cachix nixpkgsReview False) update
case result of case result of
Left e -> T.putStrLn e Left e -> T.putStrLn e
Right () -> T.putStrLn "Done." Right () -> T.putStrLn "Done."
@ -156,12 +158,12 @@ main = do
setupNixpkgs undefined setupNixpkgs undefined
report <- report <-
cveReport cveReport
(UpdateEnv productID oldVersion newVersion Nothing (Options False False undefined False False False)) (UpdateEnv productID oldVersion newVersion Nothing (Options False False undefined False False False False))
T.putStrLn report T.putStrLn report
SourceGithub -> do SourceGithub -> do
token <- getGithubToken token <- getGithubToken
updates <- T.readFile "packages-to-update.txt" updates <- T.readFile "packages-to-update.txt"
setupNixpkgs token setupNixpkgs token
P.setEnv "GITHUB_TOKEN" (T.unpack token) True P.setEnv "GITHUB_TOKEN" (T.unpack token) True
sourceGithubAll (Options False False token False False False) updates sourceGithubAll (Options False False token False False False False) updates
FetchRepology -> Repology.fetch FetchRepology -> Repology.fetch
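Review bot: `Options` is built positionally from a run of `Bool`s at every call site touched here, e.g. `Options pr False token cve cachix nixpkgsReview False` in the `Update` branch and `Options False False token False False False False` under `SourceGithub`, so inserting the new flag in the middle depends on each site being counted correctly by hand. A transposed argument still type-checks and would silently switch on a different side effect, such as pushing to Cachix or opening a PR, instead of the review. Building the value with record syntax, `Options {doPR = pr, makeCVEReport = cve, pushToCachix = cachix, runNixpkgsReview = nixpkgsReview, …}`, would make each flag explicit at the call site. The enclosing `main` starts outside these hunks.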


@ -24,5 +24,7 @@ in pkg.overrideAttrs (attrs: {
jq jq
tree tree
gist gist
(import sources.nixpkgs-review { inherit pkgs; })
cabal-install # just for develpoment
]; ];
}) })
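Review bot: `cabal-install` is added to the same list as the runtime tools (`jq`, `tree`, `gist`, and now `nixpkgs-review`) with the comment `# just for develpoment`. The attribute this list is assigned to is outside the hunk, but if it feeds the built package's inputs rather than only a development shell, a development-only tool becomes part of every build's dependency set. It would be cleaner to keep it in a shell-only list. The comment should read `# just for development`.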


@ -34,5 +34,17 @@
"type": "tarball", "type": "tarball",
"url": "https://github.com/nixos/nixpkgs/archive/78bfdbb291fd20df0f0f65061ee3081610b0a48f.tar.gz", "url": "https://github.com/nixos/nixpkgs/archive/78bfdbb291fd20df0f0f65061ee3081610b0a48f.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"nixpkgs-review": {
"branch": "master",
"description": "Review pull-requests on https://github.com/NixOS/nixpkgs",
"homepage": "",
"owner": "mic92",
"repo": "nixpkgs-review",
"rev": "370e90a8d20640cc8924dacb4f55a86dadcec57f",
"sha256": "026lmwbvqdp7a3nkd08rd0nfyb9yiic36w6s7mh2rpp0ihp7qsd6",
"type": "tarball",
"url": "https://github.com/mic92/nixpkgs-review/archive/370e90a8d20640cc8924dacb4f55a86dadcec57f.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
} }
} }


@ -4,7 +4,7 @@ cabal-version: 2.2
-- --
-- see: https://github.com/sol/hpack -- see: https://github.com/sol/hpack
-- --
-- hash: 09aa8671b0f8077c9c194e15f72bc2aec790275993b5122ab17c192622236836 -- hash: 7492d0fc2af5df377764d358317e0892c0bda2961943218f8dcdeef179700cd9
name: nixpkgs-update name: nixpkgs-update
version: 0.2.0 version: 0.2.0
@ -37,6 +37,7 @@ library
GH GH
Git Git
Nix Nix
NixpkgsReview
NVD NVD
NVDRules NVDRules
OurPrelude OurPrelude


@ -53,6 +53,6 @@ replaceIO :: MonadIO m => Text -> Text -> FilePath -> m Bool
replaceIO find replacement file = replaceIO find replacement file =
liftIO liftIO
$ runFinal $ runFinal
$ embedToFinal @IO $ embedToFinal
$ runIO $ runIO
$ (replace find replacement file) $ (replace find replacement file)

View File

@ -124,7 +124,7 @@ commit ref =
runProcessNoIndexIssue_ (proc "git" ["commit", "-am", T.unpack ref]) runProcessNoIndexIssue_ (proc "git" ["commit", "-am", T.unpack ref])
headHash :: MonadIO m => ExceptT Text m Text headHash :: MonadIO m => ExceptT Text m Text
headHash = readProcessInterleavedNoIndexIssue_ "git rev-parse HEAD" headHash = T.strip <$> readProcessInterleavedNoIndexIssue_ "git rev-parse HEAD"
deleteBranchesEverywhere :: Vector Text -> IO () deleteBranchesEverywhere :: Vector Text -> IO ()
deleteBranchesEverywhere branches = do deleteBranchesEverywhere branches = do
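Review bot: `headHash` now strips whitespace but still does not check that what remains is a commit id. The helper's name suggests stdout and stderr are interleaved, so any warning git prints would end up in the value (the helper's definition is not visible here). That matters more after this commit, because the result is concatenated into the directory that `NixpkgsReview.run` passes to `rm -rf` and is also handed to `nixpkgs-review` as an argument. A guard such as `T.length h == 40 && T.all isHexDigit h`, adjusted if the repository uses a different object format, with a `Left` in the `ExceptT` otherwise, would keep an unexpected string from reaching either command.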


@ -224,7 +224,7 @@ getHomepageET attrPath =
ExceptT ExceptT
. liftIO . liftIO
. runFinal . runFinal
. embedToFinal @IO . embedToFinal
. Error.runError . Error.runError
. Process.runIO . Process.runIO
$ getHomepage attrPath $ getHomepage attrPath

48
src/NixpkgsReview.hs Normal file

@ -0,0 +1,48 @@
{-# LANGUAGE OverloadedStrings #-}
module NixpkgsReview
( cacheDir,
runReport,
)
where
import Data.Text as T
import qualified File as F
import OurPrelude
import qualified Process as P
import System.Environment.XDG.BaseDir (getUserCacheDir)
import Prelude hiding (log)
cacheDir :: IO FilePath
cacheDir = getUserCacheDir "nixpkgs-review"
revDir :: FilePath -> Text -> FilePath
revDir cache commit = cache <> "/rev-" <> T.unpack commit
run ::
Members '[F.File, P.Process] r =>
FilePath ->
Text ->
Sem r Text
run cache commit = do
-- TODO: probably just skip running nixpkgs-review if the directory
-- already exists
void $ ourReadProcessInterleavedSem $
proc "rm" ["-rf", revDir cache commit]
void $ ourReadProcessInterleavedSem $
proc "nixpkgs-review" ["rev", T.unpack commit, "--no-shell"]
F.read $ (revDir cache commit) <> "/report.md"
-- Assumes we are already in nixpkgs dir
runReport :: (Text -> IO ()) -> Text -> IO Text
runReport log commit = do
log "[check][nixpkgs-review]"
c <- cacheDir
msg <-
runFinal
. embedToFinal
. F.runIO
. P.runIO
$ NixpkgsReview.run c commit
log msg
return msg
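Review bot: `run` discards the `(ExitCode, Text)` result of both the `rm -rf` and the `nixpkgs-review rev` call with `void`, then reads `report.md` unconditionally. When the tool fails or is not on the path, the old report has already been deleted, so the failure only shows up as whatever `F.read` does on a missing file. Matching on the exit code gives a defined result for that case. The sketch below assumes the `ExitCode` constructors are in scope in this module. If `nixpkgs-review` can exit non-zero while still writing a report, the failure branch could attempt the read first.

```haskell
run cache commit = do
  -- … unchanged: TODO comment and the rm -rf of the old rev directory …
  (exitCode, _output) <-
    ourReadProcessInterleavedSem $
      proc "nixpkgs-review" ["rev", T.unpack commit, "--no-shell"]
  case exitCode of
    ExitSuccess -> F.read $ revDir cache commit <> "/report.md"
    ExitFailure _ ->
      return "nixpkgs-review failed; no report was generated."
```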


@ -25,6 +25,7 @@ module OurPrelude
ourReadProcessInterleavedBS_, ourReadProcessInterleavedBS_,
ourReadProcessInterleaved, ourReadProcessInterleaved,
ourReadProcessInterleaved_Sem, ourReadProcessInterleaved_Sem,
ourReadProcessInterleavedSem,
silently, silently,
bytestringToText, bytestringToText,
) )
@ -81,11 +82,11 @@ ourReadProcessInterleaved_ =
readProcessInterleaved_ >>> tryIOTextET >>> fmapRT bytestringToText readProcessInterleaved_ >>> tryIOTextET >>> fmapRT bytestringToText
ourReadProcessInterleaved_Sem :: ourReadProcessInterleaved_Sem ::
Members '[P.Process, Error Text] r => Members '[P.Process] r =>
ProcessConfig stdin stdoutIgnored stderrIgnored -> ProcessConfig stdin stdoutIgnored stderrIgnored ->
Sem r Text Sem r Text
ourReadProcessInterleaved_Sem = ourReadProcessInterleaved_Sem =
P.readInterleaved >>> fmap bytestringToText P.readInterleaved_ >>> fmap bytestringToText
ourReadProcessInterleaved :: ourReadProcessInterleaved ::
MonadIO m => MonadIO m =>
@ -96,5 +97,13 @@ ourReadProcessInterleaved =
>>> tryIOTextET >>> tryIOTextET
>>> fmapRT (\(a, b) -> (a, bytestringToText b)) >>> fmapRT (\(a, b) -> (a, bytestringToText b))
ourReadProcessInterleavedSem ::
Members '[P.Process] r =>
ProcessConfig stdin stdoutIgnored stderrIgnored ->
Sem r (ExitCode, Text)
ourReadProcessInterleavedSem =
P.readInterleaved
>>> fmap (\(a, b) -> (a, bytestringToText b))
silently :: ProcessConfig stdin stdout stderr -> ProcessConfig () () () silently :: ProcessConfig stdin stdout stderr -> ProcessConfig () () ()
silently = setStderr closed >>> setStdin closed >>> setStdout closed silently = setStderr closed >>> setStdin closed >>> setStdout closed


@ -7,9 +7,11 @@ import qualified Data.ByteString.Lazy as BSL
import Polysemy import Polysemy
import Polysemy.Input import Polysemy.Input
import qualified System.Process.Typed as TP import qualified System.Process.Typed as TP
import System.Exit (ExitCode(..))
data Process m a where data Process m a where
ReadInterleaved :: TP.ProcessConfig stdin stdout stderr -> Process m BSL.ByteString ReadInterleaved_ :: TP.ProcessConfig stdin stdout stderr -> Process m BSL.ByteString
ReadInterleaved :: TP.ProcessConfig stdin stdout stderr -> Process m (ExitCode, BSL.ByteString)
makeSem ''Process makeSem ''Process
@ -19,7 +21,8 @@ runIO ::
Sem r a Sem r a
runIO = runIO =
interpret $ \case interpret $ \case
ReadInterleaved config -> embed $ (TP.readProcessInterleaved_ config :: IO BSL.ByteString) ReadInterleaved_ config -> embed $ (TP.readProcessInterleaved_ config)
ReadInterleaved config -> embed $ (TP.readProcessInterleaved config)
runPure :: runPure ::
[BSL.ByteString] -> [BSL.ByteString] ->
@ -28,4 +31,7 @@ runPure ::
runPure outputList = runPure outputList =
runInputList outputList runInputList outputList
. reinterpret \case . reinterpret \case
ReadInterleaved _config -> maybe "" id <$> input ReadInterleaved_ _config -> maybe "" id <$> input
ReadInterleaved _config -> do
r <- maybe "" id <$> input
return (ExitSuccess, r)
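Review bot: `runPure` answers every `ReadInterleaved` with `ExitSuccess`, so no test built on the pure interpreter can exercise a failing process, which is the case the new `(ExitCode, BSL.ByteString)` constructor exists to expose. If widening the fixture type is too invasive for this commit, at least document the limitation above `runPure`, e.g. `-- NOTE: always reports ExitSuccess; non-zero exits are not simulated by this interpreter.` The start of `runPure`'s signature lies outside the last hunk.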


@ -101,7 +101,7 @@ quotedUrlsET log rwArgs =
ExceptT ExceptT
$ liftIO $ liftIO
. runFinal . runFinal
. embedToFinal @IO . embedToFinal
. Error.runError . Error.runError
. Process.runIO . Process.runIO
. File.runIO . File.runIO


@ -31,6 +31,7 @@ import qualified GH
import qualified Git import qualified Git
import NVD (getCVEs, withVulnDB) import NVD (getCVEs, withVulnDB)
import qualified Nix import qualified Nix
import qualified NixpkgsReview
import OurPrelude import OurPrelude
import Outpaths import Outpaths
import qualified Rewrite import qualified Rewrite
@ -79,13 +80,19 @@ getLog o = do
return log return log
else return T.putStrLn else return T.putStrLn
notifyOptions :: (Text -> IO ()) -> Options -> IO ()
notifyOptions log o = do
when (doPR o) $ log "Will do push to origin and do PR on success."
when (pushToCachix o) $ log "Will push to cachix."
when (calculateOutpaths o) $ log "Will calculate outpaths."
when (makeCVEReport o) $ log "Will make a CVE security report."
when (runNixpkgsReview o) $ log "Will run nixpkgs-review."
updateAll :: Options -> Text -> IO () updateAll :: Options -> Text -> IO ()
updateAll o updates = do updateAll o updates = do
log <- getLog o log <- getLog o
log "New run of nixpkgs-update" log "New run of nixpkgs-update"
when (doPR o) $ log "Will do push to origin and do PR on success." notifyOptions log o
when (pushToCachix o) $ log "Will push to cachix."
when (calculateOutpaths o) $ log "Will calculate outpaths."
twoHoursAgo <- runM $ Time.runIO Time.twoHoursAgo twoHoursAgo <- runM $ Time.runIO Time.twoHoursAgo
mergeBaseOutpathSet <- mergeBaseOutpathSet <-
liftIO $ newIORef (MergeBaseOutpathsInfo twoHoursAgo S.empty) liftIO $ newIORef (MergeBaseOutpathsInfo twoHoursAgo S.empty)
@ -256,8 +263,7 @@ updatePackageBatch log updateEnv mergeBaseOutpathsContext =
Git.cleanAndResetTo "master" Git.cleanAndResetTo "master"
publishPackage :: publishPackage ::
MonadIO m => (Text -> IO ()) ->
(Text -> m ()) ->
UpdateEnv -> UpdateEnv ->
Text -> Text ->
Text -> Text ->
@ -265,7 +271,7 @@ publishPackage ::
Text -> Text ->
Maybe (Set ResultLine) -> Maybe (Set ResultLine) ->
[Text] -> [Text] ->
ExceptT Text m () ExceptT Text IO ()
publishPackage log updateEnv oldSrcUrl newSrcUrl attrPath result opDiff msgs = do publishPackage log updateEnv oldSrcUrl newSrcUrl attrPath result opDiff msgs = do
cachixTestInstructions <- doCachix log updateEnv result cachixTestInstructions <- doCachix log updateEnv result
resultCheckReport <- resultCheckReport <-
@ -304,6 +310,10 @@ publishPackage log updateEnv oldSrcUrl newSrcUrl attrPath result opDiff msgs = d
let commitMsg = commitMessage updateEnv attrPath let commitMsg = commitMessage updateEnv attrPath
Git.commit commitMsg Git.commit commitMsg
commitHash <- Git.headHash commitHash <- Git.headHash
nixpkgsReviewMsg <-
if runNixpkgsReview . options $ updateEnv
then liftIO $ NixpkgsReview.runReport log commitHash
else return ""
-- Try to push it three times -- Try to push it three times
when when
(doPR . options $ updateEnv) (doPR . options $ updateEnv)
@ -329,6 +339,7 @@ publishPackage log updateEnv oldSrcUrl newSrcUrl attrPath result opDiff msgs = d
(fromMaybe "" (outpathReport <$> opDiff)) (fromMaybe "" (outpathReport <$> opDiff))
cveRep cveRep
cachixTestInstructions cachixTestInstructions
nixpkgsReviewMsg
if (doPR . options $ updateEnv) if (doPR . options $ updateEnv)
then do then do
let base = let base =
@ -362,8 +373,9 @@ prMessage ::
Text -> Text ->
Text -> Text ->
Text -> Text ->
Text ->
Text Text
prMessage updateEnv isBroken metaDescription metaHomepage rewriteMessages releaseUrlMessage compareUrlMessage resultCheckReport commitHash attrPath maintainersCc resultPath opReport cveRep cachixTestInstructions = prMessage updateEnv isBroken metaDescription metaHomepage rewriteMessages releaseUrlMessage compareUrlMessage resultCheckReport commitHash attrPath maintainersCc resultPath opReport cveRep cachixTestInstructions nixpkgsReviewMsg =
let brokenMsg = brokenWarning isBroken let brokenMsg = brokenWarning isBroken
title = prTitle updateEnv attrPath title = prTitle updateEnv attrPath
sourceLinkInfo = maybe "" pattern $ sourceURL updateEnv sourceLinkInfo = maybe "" pattern $ sourceURL updateEnv
@ -417,6 +429,7 @@ prMessage updateEnv isBroken metaDescription metaHomepage rewriteMessages releas
</details> </details>
<br/> <br/>
$cveRep $cveRep
$nixpkgsReviewMsg
$maintainersCc $maintainersCc
|] |]
@ -540,6 +553,7 @@ updatePackage o updateInfo = do
let (p, oldV, newV, url) = head (rights (parseUpdates updateInfo)) let (p, oldV, newV, url) = head (rights (parseUpdates updateInfo))
let updateEnv = UpdateEnv p oldV newV url o let updateEnv = UpdateEnv p oldV newV url o
let log = T.putStrLn let log = T.putStrLn
liftIO $ notifyOptions log o
Nix.assertNewerVersion updateEnv Nix.assertNewerVersion updateEnv
attrPath <- Nix.lookupAttrPath updateEnv attrPath <- Nix.lookupAttrPath updateEnv
Version.assertCompatibleWithPathPin updateEnv attrPath Version.assertCompatibleWithPathPin updateEnv attrPath
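Review bot: In `publishPackage`, `liftIO $ NixpkgsReview.runReport log commitHash` lifts a plain `IO Text` into `ExceptT Text IO`, so any exception raised inside it bypasses the `Left` channel that the rest of the function uses. Likely sources are the process failing to start or `report.md` being absent. In a batch run that would probably end the whole `updateAll` loop instead of failing one package, though the loop body is outside these hunks. Routing it through the existing helper, `tryIOTextET $ NixpkgsReview.runReport log commitHash`, would turn it into an ordinary `Left`, assuming `tryIOTextET` has the type its use in `OurPrelude` suggests. If a failed review should not block the PR, fall back to `""` and log it instead.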


@ -109,6 +109,7 @@ data Options
githubToken :: Text, githubToken :: Text,
makeCVEReport :: Bool, makeCVEReport :: Bool,
pushToCachix :: Bool, pushToCachix :: Bool,
runNixpkgsReview :: Bool,
calculateOutpaths :: Bool calculateOutpaths :: Bool
} }
deriving (Show) deriving (Show)
@ -204,10 +205,10 @@ setupNixpkgs githubt = do
& System.Process.Typed.setEnv -- requires that user has forked nixpkgs & System.Process.Typed.setEnv -- requires that user has forked nixpkgs
[("GITHUB_TOKEN" :: String, githubt & T.unpack)] [("GITHUB_TOKEN" :: String, githubt & T.unpack)]
& runProcess_ & runProcess_
setCurrentDirectory fp setCurrentDirectory fp
shell "git remote add upstream https://github.com/NixOS/nixpkgs" shell "git remote add upstream https://github.com/NixOS/nixpkgs"
& runProcess_ & runProcess_
shell "git fetch upstream" & runProcess_ shell "git fetch upstream" & runProcess_
setCurrentDirectory fp setCurrentDirectory fp
System.Posix.Env.setEnv "NIX_PATH" ("nixpkgs=" <> fp) True System.Posix.Env.setEnv "NIX_PATH" ("nixpkgs=" <> fp) True


@ -23,13 +23,13 @@ spec = do
it "quotes an unquoted meta.homepage URL" do it "quotes an unquoted meta.homepage URL" do
nixQuotedHomepageBad <- T.readFile "test_data/quoted_homepage_bad.nix" nixQuotedHomepageBad <- T.readFile "test_data/quoted_homepage_bad.nix"
nixQuotedHomepageGood <- T.readFile "test_data/quoted_homepage_good.nix" nixQuotedHomepageGood <- T.readFile "test_data/quoted_homepage_good.nix"
let options = Utils.Options False False "" False False False let options = Utils.Options False False "" False False False False
let updateEnv = Utils.UpdateEnv "inadyn" "2.5" "2.6" Nothing options let updateEnv = Utils.UpdateEnv "inadyn" "2.5" "2.6" Nothing options
-- TODO test correct file is being read -- TODO test correct file is being read
let rwArgs = Rewrite.Args updateEnv "inadyn" undefined undefined let rwArgs = Rewrite.Args updateEnv "inadyn" undefined undefined
(logs, (newContents, result)) <- (logs, (newContents, result)) <-
( runFinal ( runFinal
. embedToFinal @IO . embedToFinal
. Output.runOutputList . Output.runOutputList
. File.runPure [nixQuotedHomepageBad] . File.runPure [nixQuotedHomepageBad]
. Process.runPure ["\"http://troglobit.com/project/inadyn/\""] . Process.runPure ["\"http://troglobit.com/project/inadyn/\""]