Drop hub dependency

Also be more permissive when a GitHub token isn't available.
This commit is contained in:
Ryan Hendrickson 2023-03-02 23:30:36 -05:00
parent f739d495cd
commit 8e5317cb5e
6 changed files with 22 additions and 30 deletions

View File

@ -10,6 +10,7 @@ import qualified Data.Text as T
import qualified Data.Text.IO as T
import DeleteMerged (deleteDone)
import Git
import qualified GitHub as GH
import NVD (withVulnDB)
import qualified Nix
import qualified Options.Applicative as O
@ -134,19 +135,19 @@ main = do
hSetBuffering stderr LineBuffering
command <- O.execParser programInfo
ghUser <- getGithubUser
token <- getGithubToken <|> undefined
token <- fromMaybe "" <$> getGithubToken
P.setEnv "GITHUB_TOKEN" (T.unpack token) True
P.setEnv "GITHUB_API_TOKEN" (T.unpack token) True
P.setEnv "PAGER" "" True
case command of
DeleteDone delete -> do
Git.setupNixpkgs token
setupNixpkgs $ GH.untagName ghUser
deleteDone delete token ghUser
Update UpdateOptions {pr, cve, nixpkgsReview, outpaths, attrpathOpt} update -> do
Git.setupNixpkgs token
setupNixpkgs $ GH.untagName ghUser
updatePackage (Options pr False ghUser token cve nixpkgsReview outpaths attrpathOpt) update
UpdateBatch UpdateOptions {pr, cve, nixpkgsReview, outpaths, attrpathOpt} update -> do
Git.setupNixpkgs token
setupNixpkgs $ GH.untagName ghUser
updatePackage (Options pr True ghUser token cve nixpkgsReview outpaths attrpathOpt) update
Version -> do
v <- runExceptT Nix.version
@ -155,17 +156,17 @@ main = do
Right t -> T.putStrLn t
UpdateVulnDB -> withVulnDB $ \_conn -> pure ()
CheckAllVulnerable -> do
setupNixpkgs undefined
setupNixpkgs $ GH.untagName ghUser
updates <- T.readFile "packages-to-update.txt"
cveAll undefined updates
CheckVulnerable productID oldVersion newVersion -> do
setupNixpkgs undefined
setupNixpkgs $ GH.untagName ghUser
report <-
cveReport
(UpdateEnv productID oldVersion newVersion Nothing (Options False False ghUser token False False False False))
T.putStrLn report
SourceGithub -> do
updates <- T.readFile "packages-to-update.txt"
setupNixpkgs token
setupNixpkgs $ GH.untagName ghUser
sourceGithubAll (Options False False ghUser token False False False False) updates
FetchRepology -> Repology.fetch

View File

@ -7,7 +7,12 @@ subcommand.
1. Setup [hub](https://github.com/github/hub) and give it your GitHub
credentials, so it saves an oauth token. This allows nixpkgs-update
to query the GitHub API.
to query the GitHub API. Alternatively, if you prefer not to install
and configure `hub`, you can manually create a GitHub token with
`repo` and `gist` scopes. Provide it to `nixpkgs-update` by
exporting it as the `GITHUB_TOKEN` environment variable
(`nixpkgs-update` reads credentials from the files `hub` uses but
no longer uses `hub` itself).
2. Clone this repository and build `nixpkgs-update`:
```bash

View File

@ -10,9 +10,8 @@ nixpkgs-update supports interactive, single package updates via the
and configure `hub`, you can manually create a GitHub token with
`repo` and `gist` scopes. Provide it to `nixpkgs-update` by
exporting it as the `GITHUB_TOKEN` environment variable
(`nixpkgs-update` _only_ tries to use `hub` to check out the
`nixpkgs` repo into your XDG cache directory, if you run
`nixpkgs-update` outside of a `nixpkgs` checkout directory).
(`nixpkgs-update` reads credentials from the files `hub` uses but
no longer uses `hub` itself).
2. Go to your local checkout of nixpkgs, and **make sure the working
directory is clean**. Be on a branch you are okay committing to.
3. Run it like: `nixpkgs-update update "postman 7.20.0 7.21.2"`

View File

@ -12,7 +12,6 @@ let
drvAttrs = attrs: with pkgs; {
NIX = nix;
GIT = git;
HUB = gitAndTools.hub;
JQ = jq;
TREE = tree;
GIST = gist;

View File

@ -34,12 +34,10 @@ import qualified Data.Vector as V
import Language.Haskell.TH.Env (envQ)
import OurPrelude hiding (throw)
import System.Directory (doesDirectoryExist, doesFileExist, getModificationTime, getCurrentDirectory, setCurrentDirectory)
import System.Environment (getEnv)
import System.Environment.XDG.BaseDir (getUserCacheDir)
import System.Exit()
import System.IO.Error (tryIOError)
import System.Posix.Env (setEnv)
import qualified System.Process.Typed
import Utils (Options (..), UpdateEnv (..), branchName, branchPrefix)
bin :: String
@ -48,12 +46,6 @@ bin = fromJust ($$(envQ "GIT") :: Maybe String) <> "/bin/git"
procGit :: [String] -> ProcessConfig () () ()
procGit = proc bin
hubBin :: String
hubBin = fromJust ($$(envQ "HUB") :: Maybe String) <> "/bin/hub"
procHub :: [String] -> ProcessConfig () () ()
procHub = proc hubBin
clean :: ProcessConfig () () ()
clean = silently $ procGit ["clean", "-fdx"]
@ -156,19 +148,15 @@ nixpkgsDir = do
-- Since we are going to have to fetch, git reset, clean, and commit, we setup a
-- cache dir to avoid destroying any uncommitted work the user may have in PWD.
setupNixpkgs :: Text -> IO ()
setupNixpkgs githubt = do
setupNixpkgs ghUser = do
fp <- nixpkgsDir
exists <- doesDirectoryExist fp
unless exists $ do
path <- getEnv "PATH"
procHub ["clone", "nixpkgs", fp]
& System.Process.Typed.setEnv -- requires that user has forked nixpkgs
[ ("PATH" :: String, path),
("GITHUB_TOKEN" :: String, githubt & T.unpack)
]
procGit ["clone", "--origin", "upstream", "https://github.com/NixOS/nixpkgs.git", fp]
& runProcess_
setCurrentDirectory fp
shell (bin <> " remote add upstream https://github.com/NixOS/nixpkgs")
procGit ["remote", "add", "origin", "https://github.com/" <> T.unpack ghUser <> "/nixpkgs.git"]
-- requires that user has forked nixpkgs
& runProcess_
inNixpkgs <- inNixpkgsRepo
unless inNixpkgs do

View File

@ -297,12 +297,12 @@ hubConfigField field = do
token = T.takeWhile (/= '\n') $ head (drop 1 splits)
return $ Just token
getGithubToken :: IO Text
getGithubToken :: IO (Maybe Text)
getGithubToken = do
et <- envToken
lt <- localToken
ht <- hubConfigField "oauth_token: "
return $ fromJust (et <|> lt <|> ht)
return (et <|> lt <|> ht)
getGithubUser :: IO (GH.Name GH.Owner)
getGithubUser = do