mirror of
https://github.com/ryantm/nixpkgs-update.git
synced 2024-10-26 06:47:35 +03:00
remove flake-utils; add mmdoc docs
This commit is contained in:
parent
868bcb0708
commit
c6bfaca2b1
31
.github/workflows/doc.yaml
vendored
Normal file
31
.github/workflows/doc.yaml
vendored
Normal file
@ -0,0 +1,31 @@
|
||||
name: doc
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
publish:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
with:
|
||||
# Nix Flakes doesn't work on shallow clones
|
||||
fetch-depth: 0
|
||||
- uses: cachix/install-nix-action@v13
|
||||
with:
|
||||
install_url: https://nixos-nix-install-tests.cachix.org/serve/i6laym9jw3wg9mw6ncyrk6gjx4l34vvx/install
|
||||
install_options: '--tarball-url-prefix https://nixos-nix-install-tests.cachix.org/serve'
|
||||
extra_nix_config: |
|
||||
experimental-features = nix-command flakes
|
||||
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
|
||||
- run: nix run .#nixpkgs-update-doc
|
||||
- if: success()
|
||||
uses: crazy-max/ghaction-github-pages@v2
|
||||
with:
|
||||
target_branch: gh-pages
|
||||
build_dir: result/multi
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
280
README.md
280
README.md
@ -3,282 +3,4 @@
|
||||
[![Build Status](https://github.com/ryantm/nixpkgs-update/workflows/CI/badge.svg)](https://github.com/ryantm/nixpkgs-update/actions)
|
||||
[![Patreon](https://img.shields.io/badge/patreon-donate-blue.svg)](https://www.patreon.com/nixpkgsupdate)
|
||||
|
||||
> The future is here; let's evenly distribute it!
|
||||
|
||||
# Contents
|
||||
|
||||
* [Introduction](#introduction)
|
||||
* [Interactive updates](#interactive-updates)
|
||||
* [Batch updates](#batch-updates)
|
||||
* [Details](#details)
|
||||
* [Development](#development)
|
||||
|
||||
# Introduction
|
||||
|
||||
The [nixpkgs-update](https://github.com/ryantm/nixpkgs-update) mission
|
||||
is to make [nixpkgs](https://github.com/nixos/nixpkgs) the most
|
||||
up-to-date repository of software in the world by the most ridiculous
|
||||
margin possible. [Here's how we are doing so far](https://repology.org/repositories/graphs).
|
||||
|
||||
It provides an interactive tool for automating single package
|
||||
updates. Given a package name, old version, and new version, it
|
||||
updates the version, and fetcher hashes, makes a commit, and
|
||||
optionally a pull request. Along the way, it does checks to make sure
|
||||
the update has a baseline quality.
|
||||
|
||||
It is the code used by the GitHub bot
|
||||
[@r-ryantm](https://github.com/r-ryantm) to automatically update
|
||||
nixpkgs. It uses package repository information from
|
||||
[Repology.org](https://repology.org/repository/nix_unstable), the
|
||||
GitHub releases API, and PyPI to generate a lists of outdated
|
||||
packages.
|
||||
|
||||
# Installation
|
||||
|
||||
For the Cachix cache to work, your user must be in the trusted-users
|
||||
list or you can use sudo since root is effectively trusted.
|
||||
|
||||
Run without installing:
|
||||
|
||||
```bash
|
||||
nix run \
|
||||
--option extra-substituters 'https://nixpkgs-update.cachix.org/' \
|
||||
--option trusted-public-keys 'nixpkgs-update.cachix.org-1:6y6Z2JdoL3APdu6/+Iy8eZX2ajf09e4EE9SnxSML1W8=' \
|
||||
-f https://github.com/ryantm/nixpkgs-update/archive/master.tar.gz \
|
||||
-c nixpkgs-update --help
|
||||
```
|
||||
|
||||
Install into your Nix profile:
|
||||
|
||||
```bash
|
||||
nix-env \
|
||||
--option extra-substituters 'https://nixpkgs-update.cachix.org/' \
|
||||
--option trusted-public-keys 'nixpkgs-update.cachix.org-1:6y6Z2JdoL3APdu6/+Iy8eZX2ajf09e4EE9SnxSML1W8=' \
|
||||
-if https://github.com/ryantm/nixpkgs-update/archive/master.tar.gz
|
||||
```
|
||||
|
||||
Declaratively with [niv](https://github.com/nmattia/niv):
|
||||
|
||||
```bash
|
||||
niv add ryantm/nixpkgs-update
|
||||
```
|
||||
|
||||
NixOS config with Niv:
|
||||
|
||||
```nix
|
||||
let
|
||||
sources = import ./nix/sources.nix;
|
||||
nixpkgs-update = import sources.nixpkgs-update {};
|
||||
in
|
||||
environment.systemPackages = [ nixpkgs-update ];
|
||||
```
|
||||
|
||||
home-manager config with Niv:
|
||||
|
||||
```nix
|
||||
let
|
||||
sources = import ./nix/sources.nix;
|
||||
nixpkgs-update = import sources.nixpkgs-update {};
|
||||
in
|
||||
home.packages = [ nixpkgs-update ];
|
||||
```
|
||||
|
||||
# Interactive updates
|
||||
|
||||
nixpkgs-update supports interactive, single package updates via the
|
||||
`update` subcommand.
|
||||
|
||||
# Update tutorial
|
||||
|
||||
1. Setup [hub](https://github.com/github/hub) and give it your GitHub
|
||||
credentials, so it saves an oauth token. This allows nixpkgs-update
|
||||
to query the GitHub API.
|
||||
2. Go to your local checkout of nixpkgs, and **make sure the working
|
||||
directory is clean**. Be on a branch you are okay committing to.
|
||||
3. Run it like: `nixpkgs-update update "postman 7.20.0 7.21.2"`
|
||||
which mean update the package "postman" from version 7.20.0
|
||||
to version 7.21.2.
|
||||
4. It will run the updater, and, if the update builds, it will commit
|
||||
the update and output a message you could use for a pull request.
|
||||
|
||||
# Flags
|
||||
|
||||
* `--cve`—adds CVE vulnerability reporting to the PR message. On
|
||||
first invocation with this option, a CVE database is
|
||||
built. Subsequent invocations will be much faster.
|
||||
* `--nixpkgs-review`—runs
|
||||
[nixpkgs-review](https://github.com/Mic92/nixpkgs-review), which
|
||||
tries to build all the packages that depend on the one being updated
|
||||
and adds a report.
|
||||
|
||||
# Batch updates
|
||||
|
||||
nixpkgs-update supports batch updates via the `update-list`
|
||||
subcommand.
|
||||
|
||||
## Update-List tutorial
|
||||
|
||||
1. Setup [hub](https://github.com/github/hub) and give it your GitHub
|
||||
credentials, so it saves an oauth token. This allows nixpkgs-update
|
||||
to query the GitHub API.
|
||||
|
||||
2. Clone this repository and build `nixpkgs-update`:
|
||||
```bash
|
||||
git clone https://github.com/ryantm/nixpkgs-update && cd nixpkgs-update
|
||||
nix-build
|
||||
```
|
||||
|
||||
3. To test your config, try to update a single package, like this:
|
||||
|
||||
```bash
|
||||
./result/bin/nixpkgs-update update "pkg oldVer newVer update-page"`
|
||||
|
||||
# Example:
|
||||
./result/bin/nixpkgs-update update "tflint 0.15.0 0.15.1 repology.org"`
|
||||
```
|
||||
|
||||
replacing `tflint` with the attribute name of the package you actually want
|
||||
to update, and the old version and new version accordingly.
|
||||
|
||||
If this works, you are now setup to hack on `nixpkgs-update`! If
|
||||
you run it with `--pr`, it will actually send a pull request, which
|
||||
looks like this: https://github.com/NixOS/nixpkgs/pull/82465
|
||||
|
||||
|
||||
4. If you'd like to send a batch of updates, get a list of outdated packages and
|
||||
place them in a `packages-to-update.txt` file:
|
||||
|
||||
```bash
|
||||
./result/bin/nixpkgs-update fetch-repology > packages-to-update.txt
|
||||
```
|
||||
|
||||
There also exist alternative sources of updates, these include:
|
||||
|
||||
- PyPI, the Python Package Index:
|
||||
[nixpkgs-update-pypi-releases](https://github.com/jonringer/nixpkgs-update-pypi-releases)
|
||||
- GitHub releases:
|
||||
[nixpkgs-update-github-releases](https://github.com/synthetica9/nixpkgs-update-github-releases)
|
||||
|
||||
5. Run the tool in batch mode with `update-list`:
|
||||
|
||||
```bash
|
||||
./result/bin/nixpkgs-update update-list
|
||||
```
|
||||
|
||||
# Details
|
||||
|
||||
Some of these features only apply to the update-list sub-command or to
|
||||
features only available to the @r-ryantm bot.
|
||||
|
||||
## Checks
|
||||
|
||||
A number of checks are performed to help nixpkgs maintainers gauge the
|
||||
likelihood that an update was successful. All the binaries are run with
|
||||
various flags to see if they have a zero exit code and output the new
|
||||
version number. The outpath directory tree is searched for files
|
||||
containing the new version number. A directory tree and disk usage
|
||||
listing is provided.
|
||||
|
||||
|
||||
## Security report
|
||||
|
||||
Information from the National Vulnerability Database maintained by
|
||||
NIST is compared against the current and updated package version. The
|
||||
nixpkgs package name is matched with the Common Platform Enumeration
|
||||
vendor, product, edition, software edition, and target software fields
|
||||
to find candidate Common Vulnerabilities and Exposures (CVEs). The
|
||||
CVEs are filtered by the matching the current and updated versions
|
||||
with the CVE version ranges.
|
||||
|
||||
The general philosophy of the CVE search is to avoid false negatives,
|
||||
which means we expect to generate many false positives. The false
|
||||
positives can be carefully removed by manually created rules
|
||||
implemented in the filter function in the NVDRules module.
|
||||
|
||||
If there are no CVE matches, the report is not shown. The report has
|
||||
three parts: CVEs resolved by this update, CVEs introduced by this
|
||||
update, and CVEs present in both version.
|
||||
|
||||
If you would like to report a problem with the security report, please
|
||||
use the [nixpkgs-update GitHub
|
||||
issues](https://github.com/ryantm/nixpkgs-update/issues).
|
||||
|
||||
The initial development of the security report was made possible by a
|
||||
partnership with [Serokell](https://serokell.io/) and the [NLNet
|
||||
Foundation](https://nlnet.nl/) through their [Next Generation Internet
|
||||
Zero Discovery initiative](https://nlnet.nl/discovery/) (NGI0
|
||||
Discovery). NGI0 Discovery is made possible with financial support
|
||||
from the [European Commission](https://ec.europa.eu/).
|
||||
|
||||
|
||||
## Rebuild report
|
||||
|
||||
The PRs made by nixpkgs-update say what packages need to be rebuilt if
|
||||
the pull request is merged. This uses the same mechanism
|
||||
[OfBorg](https://github.com/NixOS/ofborg) uses to put rebuild labels
|
||||
on PRs. Not limited by labels, it can report the exact number of
|
||||
rebuilds and list some of the attrpaths that would need to be rebuilt.
|
||||
|
||||
|
||||
## PRs against staging
|
||||
|
||||
If a PR merge would cause more than 100 packages to be rebuilt, the PR
|
||||
is made against staging.
|
||||
|
||||
|
||||
## Logs
|
||||
|
||||
[Logs from r-ryantm's runs](https://r.ryantm.com/log/) are
|
||||
available online. There are a lot of packages `nixpkgs-update`
|
||||
currently has no hope of updating. Please dredge the logs to find out
|
||||
why your pet package is not receiving updates.
|
||||
|
||||
|
||||
## Cachix
|
||||
|
||||
By uploading the build outputs to
|
||||
[Cachix](https://nix-community.cachix.org/), nixpkgs-update allows you to
|
||||
test a package with one command.
|
||||
|
||||
|
||||
# Development
|
||||
|
||||
Incremental development:
|
||||
|
||||
```bash
|
||||
nix-shell --run "cabal v2-repl"
|
||||
```
|
||||
|
||||
Run the tests:
|
||||
|
||||
```bash
|
||||
nix-shell --run "cabal v2-test"
|
||||
```
|
||||
|
||||
Run a type checker in the background for quicker type checking feedback:
|
||||
|
||||
```bash
|
||||
nix-shell --run "ghcid"
|
||||
```
|
||||
|
||||
Run a type checker for the app code:
|
||||
|
||||
```bash
|
||||
nix-shell --run 'ghcid -c "cabal v2-repl exe:nixpkgs-update"'
|
||||
```
|
||||
|
||||
Run a type checker for the test code:
|
||||
|
||||
```bash
|
||||
nix-shell --run 'ghcid -c "cabal v2-repl tests"'
|
||||
```
|
||||
|
||||
Updating the Cabal file when adding new dependencies or options:
|
||||
|
||||
```bash
|
||||
nix run nixpkgs.haskellPackages.hpack -c hpack
|
||||
```
|
||||
|
||||
Source files are formatted with [Ormolu](https://github.com/tweag/ormolu).
|
||||
|
||||
There is also a [Cachix cache](https://nixpkgs-update.cachix.org/) available for the dependencies of this program.
|
||||
Please read the [documentation](https://ryantm.github.io/nixpkgs-update/).
|
||||
|
53
doc/batch-updates.md
Normal file
53
doc/batch-updates.md
Normal file
@ -0,0 +1,53 @@
|
||||
# Batch updates {#batch-updates}
|
||||
|
||||
nixpkgs-update supports batch updates via the `update-list`
|
||||
subcommand.
|
||||
|
||||
## Update-List tutorial
|
||||
|
||||
1. Setup [hub](https://github.com/github/hub) and give it your GitHub
|
||||
credentials, so it saves an oauth token. This allows nixpkgs-update
|
||||
to query the GitHub API.
|
||||
|
||||
2. Clone this repository and build `nixpkgs-update`:
|
||||
```bash
|
||||
git clone https://github.com/ryantm/nixpkgs-update && cd nixpkgs-update
|
||||
nix-build
|
||||
```
|
||||
|
||||
3. To test your config, try to update a single package, like this:
|
||||
|
||||
```bash
|
||||
./result/bin/nixpkgs-update update "pkg oldVer newVer update-page"`
|
||||
|
||||
# Example:
|
||||
./result/bin/nixpkgs-update update "tflint 0.15.0 0.15.1 repology.org"`
|
||||
```
|
||||
|
||||
replacing `tflint` with the attribute name of the package you actually want
|
||||
to update, and the old version and new version accordingly.
|
||||
|
||||
If this works, you are now setup to hack on `nixpkgs-update`! If
|
||||
you run it with `--pr`, it will actually send a pull request, which
|
||||
looks like this: https://github.com/NixOS/nixpkgs/pull/82465
|
||||
|
||||
|
||||
4. If you'd like to send a batch of updates, get a list of outdated packages and
|
||||
place them in a `packages-to-update.txt` file:
|
||||
|
||||
```bash
|
||||
./result/bin/nixpkgs-update fetch-repology > packages-to-update.txt
|
||||
```
|
||||
|
||||
There also exist alternative sources of updates, these include:
|
||||
|
||||
- PyPI, the Python Package Index:
|
||||
[nixpkgs-update-pypi-releases](https://github.com/jonringer/nixpkgs-update-pypi-releases)
|
||||
- GitHub releases:
|
||||
[nixpkgs-update-github-releases](https://github.com/synthetica9/nixpkgs-update-github-releases)
|
||||
|
||||
5. Run the tool in batch mode with `update-list`:
|
||||
|
||||
```bash
|
||||
./result/bin/nixpkgs-update update-list
|
||||
```
|
41
doc/contributing.md
Normal file
41
doc/contributing.md
Normal file
@ -0,0 +1,41 @@
|
||||
# Contributing {#contributing}
|
||||
|
||||
Incremental development:
|
||||
|
||||
```bash
|
||||
nix-shell --run "cabal v2-repl"
|
||||
```
|
||||
|
||||
Run the tests:
|
||||
|
||||
```bash
|
||||
nix-shell --run "cabal v2-test"
|
||||
```
|
||||
|
||||
Run a type checker in the background for quicker type checking feedback:
|
||||
|
||||
```bash
|
||||
nix-shell --run "ghcid"
|
||||
```
|
||||
|
||||
Run a type checker for the app code:
|
||||
|
||||
```bash
|
||||
nix-shell --run 'ghcid -c "cabal v2-repl exe:nixpkgs-update"'
|
||||
```
|
||||
|
||||
Run a type checker for the test code:
|
||||
|
||||
```bash
|
||||
nix-shell --run 'ghcid -c "cabal v2-repl tests"'
|
||||
```
|
||||
|
||||
Updating the Cabal file when adding new dependencies or options:
|
||||
|
||||
```bash
|
||||
nix run nixpkgs.haskellPackages.hpack -c hpack
|
||||
```
|
||||
|
||||
Source files are formatted with [Ormolu](https://github.com/tweag/ormolu).
|
||||
|
||||
There is also a [Cachix cache](https://nixpkgs-update.cachix.org/) available for the dependencies of this program.
|
74
doc/details.md
Normal file
74
doc/details.md
Normal file
@ -0,0 +1,74 @@
|
||||
# Details {#details}
|
||||
|
||||
Some of these features only apply to the update-list sub-command or to
|
||||
features only available to the @r-ryantm bot.
|
||||
|
||||
## Checks
|
||||
|
||||
A number of checks are performed to help nixpkgs maintainers gauge the
|
||||
likelihood that an update was successful. All the binaries are run with
|
||||
various flags to see if they have a zero exit code and output the new
|
||||
version number. The outpath directory tree is searched for files
|
||||
containing the new version number. A directory tree and disk usage
|
||||
listing is provided.
|
||||
|
||||
|
||||
## Security report
|
||||
|
||||
Information from the National Vulnerability Database maintained by
|
||||
NIST is compared against the current and updated package version. The
|
||||
nixpkgs package name is matched with the Common Platform Enumeration
|
||||
vendor, product, edition, software edition, and target software fields
|
||||
to find candidate Common Vulnerabilities and Exposures (CVEs). The
|
||||
CVEs are filtered by the matching the current and updated versions
|
||||
with the CVE version ranges.
|
||||
|
||||
The general philosophy of the CVE search is to avoid false negatives,
|
||||
which means we expect to generate many false positives. The false
|
||||
positives can be carefully removed by manually created rules
|
||||
implemented in the filter function in the NVDRules module.
|
||||
|
||||
If there are no CVE matches, the report is not shown. The report has
|
||||
three parts: CVEs resolved by this update, CVEs introduced by this
|
||||
update, and CVEs present in both version.
|
||||
|
||||
If you would like to report a problem with the security report, please
|
||||
use the [nixpkgs-update GitHub
|
||||
issues](https://github.com/ryantm/nixpkgs-update/issues).
|
||||
|
||||
The initial development of the security report was made possible by a
|
||||
partnership with [Serokell](https://serokell.io/) and the [NLNet
|
||||
Foundation](https://nlnet.nl/) through their [Next Generation Internet
|
||||
Zero Discovery initiative](https://nlnet.nl/discovery/) (NGI0
|
||||
Discovery). NGI0 Discovery is made possible with financial support
|
||||
from the [European Commission](https://ec.europa.eu/).
|
||||
|
||||
|
||||
## Rebuild report
|
||||
|
||||
The PRs made by nixpkgs-update say what packages need to be rebuilt if
|
||||
the pull request is merged. This uses the same mechanism
|
||||
[OfBorg](https://github.com/NixOS/ofborg) uses to put rebuild labels
|
||||
on PRs. Not limited by labels, it can report the exact number of
|
||||
rebuilds and list some of the attrpaths that would need to be rebuilt.
|
||||
|
||||
|
||||
## PRs against staging
|
||||
|
||||
If a PR merge would cause more than 100 packages to be rebuilt, the PR
|
||||
is made against staging.
|
||||
|
||||
|
||||
## Logs
|
||||
|
||||
[Logs from r-ryantm's runs](https://r.ryantm.com/log/) are
|
||||
available online. There are a lot of packages `nixpkgs-update`
|
||||
currently has no hope of updating. Please dredge the logs to find out
|
||||
why your pet package is not receiving updates.
|
||||
|
||||
|
||||
## Cachix
|
||||
|
||||
By uploading the build outputs to
|
||||
[Cachix](https://nix-community.cachix.org/), nixpkgs-update allows you to
|
||||
test a package with one command.
|
49
doc/installation.md
Normal file
49
doc/installation.md
Normal file
@ -0,0 +1,49 @@
|
||||
# Installation {#installation}
|
||||
|
||||
For the Cachix cache to work, your user must be in the trusted-users
|
||||
list or you can use sudo since root is effectively trusted.
|
||||
|
||||
Run without installing:
|
||||
|
||||
```bash
|
||||
nix run \
|
||||
--option extra-substituters 'https://nixpkgs-update.cachix.org/' \
|
||||
--option trusted-public-keys 'nixpkgs-update.cachix.org-1:6y6Z2JdoL3APdu6/+Iy8eZX2ajf09e4EE9SnxSML1W8=' \
|
||||
-f https://github.com/ryantm/nixpkgs-update/archive/master.tar.gz \
|
||||
-c nixpkgs-update --help
|
||||
```
|
||||
|
||||
Install into your Nix profile:
|
||||
|
||||
```bash
|
||||
nix-env \
|
||||
--option extra-substituters 'https://nixpkgs-update.cachix.org/' \
|
||||
--option trusted-public-keys 'nixpkgs-update.cachix.org-1:6y6Z2JdoL3APdu6/+Iy8eZX2ajf09e4EE9SnxSML1W8=' \
|
||||
-if https://github.com/ryantm/nixpkgs-update/archive/master.tar.gz
|
||||
```
|
||||
|
||||
Declaratively with [niv](https://github.com/nmattia/niv):
|
||||
|
||||
```bash
|
||||
niv add ryantm/nixpkgs-update
|
||||
```
|
||||
|
||||
NixOS config with Niv:
|
||||
|
||||
```nix
|
||||
let
|
||||
sources = import ./nix/sources.nix;
|
||||
nixpkgs-update = import sources.nixpkgs-update {};
|
||||
in
|
||||
environment.systemPackages = [ nixpkgs-update ];
|
||||
```
|
||||
|
||||
home-manager config with Niv:
|
||||
|
||||
```nix
|
||||
let
|
||||
sources = import ./nix/sources.nix;
|
||||
nixpkgs-update = import sources.nixpkgs-update {};
|
||||
in
|
||||
home.packages = [ nixpkgs-update ];
|
||||
```
|
27
doc/interactive-updates.md
Normal file
27
doc/interactive-updates.md
Normal file
@ -0,0 +1,27 @@
|
||||
# Interactive updates {#interactive-updates}
|
||||
|
||||
nixpkgs-update supports interactive, single package updates via the
|
||||
`update` subcommand.
|
||||
|
||||
# Update tutorial
|
||||
|
||||
1. Setup [hub](https://github.com/github/hub) and give it your GitHub
|
||||
credentials, so it saves an oauth token. This allows nixpkgs-update
|
||||
to query the GitHub API.
|
||||
2. Go to your local checkout of nixpkgs, and **make sure the working
|
||||
directory is clean**. Be on a branch you are okay committing to.
|
||||
3. Run it like: `nixpkgs-update update "postman 7.20.0 7.21.2"`
|
||||
which mean update the package "postman" from version 7.20.0
|
||||
to version 7.21.2.
|
||||
4. It will run the updater, and, if the update builds, it will commit
|
||||
the update and output a message you could use for a pull request.
|
||||
|
||||
# Flags
|
||||
|
||||
* `--cve`—adds CVE vulnerability reporting to the PR message. On
|
||||
first invocation with this option, a CVE database is
|
||||
built. Subsequent invocations will be much faster.
|
||||
* `--nixpkgs-review`—runs
|
||||
[nixpkgs-review](https://github.com/Mic92/nixpkgs-review), which
|
||||
tries to build all the packages that depend on the one being updated
|
||||
and adds a report.
|
21
doc/introduction.md
Normal file
21
doc/introduction.md
Normal file
@ -0,0 +1,21 @@
|
||||
# nixpkgs-update {#introduction}
|
||||
|
||||
> The future is here; let's evenly distribute it!
|
||||
|
||||
The [nixpkgs-update](https://github.com/ryantm/nixpkgs-update) mission
|
||||
is to make [nixpkgs](https://github.com/nixos/nixpkgs) the most
|
||||
up-to-date repository of software in the world by the most ridiculous
|
||||
margin possible. [Here's how we are doing so far](https://repology.org/repositories/graphs).
|
||||
|
||||
It provides an interactive tool for automating single package
|
||||
updates. Given a package name, old version, and new version, it
|
||||
updates the version, and fetcher hashes, makes a commit, and
|
||||
optionally a pull request. Along the way, it does checks to make sure
|
||||
the update has a baseline quality.
|
||||
|
||||
It is the code used by the GitHub bot
|
||||
[@r-ryantm](https://github.com/r-ryantm) to automatically update
|
||||
nixpkgs. It uses package repository information from
|
||||
[Repology.org](https://repology.org/repository/nix_unstable), the
|
||||
GitHub releases API, and PyPI to generate a lists of outdated
|
||||
packages.
|
@ -1,4 +1,4 @@
|
||||
# Nixpkgs Maintainer FAQ
|
||||
# Nixpkgs Maintainer FAQ {#nixpkgs-maintainer-faq}
|
||||
|
||||
## @r-ryantm opened a PR for my package, what do I do?
|
||||
|
||||
|
0
doc/nixpkgs-update.md
Normal file
0
doc/nixpkgs-update.md
Normal file
8
doc/toc.md
Normal file
8
doc/toc.md
Normal file
@ -0,0 +1,8 @@
|
||||
# nixpkgs-update
|
||||
|
||||
* [Introduction](#introduction)
|
||||
* [Interactive updates](#interactive-updates)
|
||||
* [Batch updates](#batch-updates)
|
||||
* [Details](#details)
|
||||
* [Contributing](#contributing)
|
||||
* [Nixpkgs Maintainer FAQ](#nixpkgs-maintainer-faq)
|
86
flake.lock
86
flake.lock
@ -17,21 +17,6 @@
|
||||
}
|
||||
},
|
||||
"flake-utils": {
|
||||
"locked": {
|
||||
"lastModified": 1629481132,
|
||||
"narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "997f7efcb746a9c140ce1f13c72263189225f482",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_2": {
|
||||
"locked": {
|
||||
"lastModified": 1610051610,
|
||||
"narHash": "sha256-U9rPz/usA1/Aohhk7Cmc2gBrEEKRzcW4nwPWMPwja4Y=",
|
||||
@ -46,25 +31,59 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"mmdoc": {
|
||||
"inputs": {
|
||||
"nixpkgs": "nixpkgs",
|
||||
"nixpkgs-for-manual": "nixpkgs-for-manual"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1629853352,
|
||||
"narHash": "sha256-NivLQ6qGhQxTYqinZ3r2hA01WcHRhhaS9VFXPYwJ07w=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "0cc67d775fba1af56eea9420c81e524f94376564",
|
||||
"lastModified": 1626736992,
|
||||
"narHash": "sha256-pgD5wGNKPrAO5ThfQjmdyezpc0RIXUeXyU/oFJRBfa0=",
|
||||
"owner": "ryantm",
|
||||
"repo": "mmdoc",
|
||||
"rev": "9793387e2d7c04fe8e35209de6da0b3b6e551fea",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"owner": "ryantm",
|
||||
"repo": "mmdoc",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1620788202,
|
||||
"narHash": "sha256-MupOww6wQHG2LiF7ALeT+TxvgzS1ROQy7dChZX5ohiA=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "c8750770c4f59b0825bf2b7b914c343543958a80",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"nixpkgs-for-manual": {
|
||||
"locked": {
|
||||
"lastModified": 1617080427,
|
||||
"narHash": "sha256-4en5vjUto7I3FBWKU+NjhS33K0Z5yk+zxCtGcIgaRjs=",
|
||||
"owner": "ryantm",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "46fd6f0a282fdcebfeba221dba45adf12503afad",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "ryantm",
|
||||
"ref": "minman",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-review": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_2",
|
||||
"nixpkgs": "nixpkgs_2"
|
||||
"flake-utils": "flake-utils",
|
||||
"nixpkgs": "nixpkgs_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1629814514,
|
||||
@ -81,6 +100,21 @@
|
||||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1629859457,
|
||||
"narHash": "sha256-JlAU1EboVCOJeMXNLJusf+0vnx++xK1Y4DW5y80zMfY=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "12613bf6d91543db59de89e231eafab72f4dc2e8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_3": {
|
||||
"locked": {
|
||||
"lastModified": 1613848021,
|
||||
"narHash": "sha256-9JICogf6yTscjE3bmeX13vks+omv8408I3B7gWIau5U=",
|
||||
@ -97,8 +131,8 @@
|
||||
"root": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
"flake-utils": "flake-utils",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"mmdoc": "mmdoc",
|
||||
"nixpkgs": "nixpkgs_2",
|
||||
"nixpkgs-review": "nixpkgs-review"
|
||||
}
|
||||
}
|
||||
|
67
flake.nix
67
flake.nix
@ -1,67 +1,20 @@
|
||||
{
|
||||
description = "A flake for nixpkgs-update";
|
||||
|
||||
inputs.flake-utils.url = "github:numtide/flake-utils";
|
||||
inputs.nixpkgs-review.url = "github:mic92/nixpkgs-review";
|
||||
inputs.flake-compat = { url = "github:edolstra/flake-compat"; flake = false; };
|
||||
inputs.nixpkgs = { type = "github"; owner = "nixos"; repo = "nixpkgs"; };
|
||||
inputs.mmdoc.url = "github:ryantm/mmdoc";
|
||||
|
||||
outputs = { self, flake-utils, flake-compat, nixpkgs, nixpkgs-review }:
|
||||
flake-utils.lib.eachSystem [ "x86_64-linux" "x86_64-darwin" ] (system:
|
||||
let
|
||||
pkgs = import nixpkgs { inherit system; config = { allowBroken = true; }; };
|
||||
outputs = { self, flake-compat, nixpkgs, nixpkgs-review, mmdoc } @ args:
|
||||
{
|
||||
packages."x86_64-linux" = import ./pkgs/default.nix (args // { system = "x86_64-linux"; });
|
||||
defaultPackage."x86_64-linux" = self.packages."x86_64-linux".nixpkgs-update;
|
||||
devShell."x86_64-linux" = self.packages."x86_64-linux".devShell;
|
||||
|
||||
developPackageAttrs = {
|
||||
name = "nixpkgs-update";
|
||||
root = self;
|
||||
returnShellEnv = false;
|
||||
};
|
||||
packages."x86_64-darwin" = import ./pkgs/default.nix (args // { system = "x86_64-darwin"; });
|
||||
defaultPackage."x86_64-darwin" = self.packages."x86_64-darwin".nixpkgs-update;
|
||||
devShell."x86_64-darwin" = self.packages."x86_64-darwin".devShell;
|
||||
|
||||
drvAttrs = attrs: with pkgs; {
|
||||
NIX = nix;
|
||||
GIT = git;
|
||||
HUB = gitAndTools.hub;
|
||||
JQ = jq;
|
||||
TREE = tree;
|
||||
GIST = gist;
|
||||
# TODO: are there more coreutils paths that need locking down?
|
||||
TIMEOUT = coreutils;
|
||||
NIXPKGSREVIEW = (import nixpkgs-review { inherit pkgs; });
|
||||
};
|
||||
|
||||
haskellPackages = pkgs.haskellPackages.override {
|
||||
overrides = _: haskellPackages: {
|
||||
polysemy-plugin = pkgs.haskell.lib.dontCheck haskellPackages.polysemy-plugin;
|
||||
polysemy = pkgs.haskell.lib.dontCheck haskellPackages.polysemy;
|
||||
nixpkgs-update =
|
||||
pkgs.haskell.lib.justStaticExecutables (
|
||||
pkgs.haskell.lib.failOnAllWarnings (
|
||||
pkgs.haskell.lib.disableExecutableProfiling (
|
||||
pkgs.haskell.lib.disableLibraryProfiling (
|
||||
pkgs.haskell.lib.generateOptparseApplicativeCompletion "nixpkgs-update" (
|
||||
(haskellPackages.developPackage developPackageAttrs).overrideAttrs drvAttrs
|
||||
)
|
||||
)
|
||||
)
|
||||
)
|
||||
);
|
||||
};
|
||||
};
|
||||
|
||||
shell = haskellPackages.shellFor {
|
||||
nativeBuildInputs = with pkgs; [
|
||||
cabal-install
|
||||
ghcid
|
||||
];
|
||||
packages = ps: [ ps.nixpkgs-update ];
|
||||
shellHook = ''
|
||||
'';
|
||||
};
|
||||
|
||||
in
|
||||
{
|
||||
devShell = shell;
|
||||
packages.nixpkgs-update = haskellPackages.nixpkgs-update;
|
||||
defaultPackage = haskellPackages.nixpkgs-update;
|
||||
});
|
||||
};
|
||||
}
|
||||
|
72
pkgs/default.nix
Normal file
72
pkgs/default.nix
Normal file
@ -0,0 +1,72 @@
|
||||
{ nixpkgs
|
||||
, nixpkgs-review
|
||||
, mmdoc
|
||||
, system
|
||||
, self
|
||||
, ...
|
||||
}:
|
||||
|
||||
let
|
||||
|
||||
pkgs = import nixpkgs { inherit system; config = { allowBroken = true; }; };
|
||||
|
||||
developPackageAttrs = {
|
||||
name = "nixpkgs-update";
|
||||
root = self;
|
||||
returnShellEnv = false;
|
||||
};
|
||||
|
||||
drvAttrs = attrs: with pkgs; {
|
||||
NIX = nix;
|
||||
GIT = git;
|
||||
HUB = gitAndTools.hub;
|
||||
JQ = jq;
|
||||
TREE = tree;
|
||||
GIST = gist;
|
||||
# TODO: are there more coreutils paths that need locking down?
|
||||
TIMEOUT = coreutils;
|
||||
NIXPKGSREVIEW = (import nixpkgs-review { inherit pkgs; });
|
||||
};
|
||||
|
||||
haskellPackages = pkgs.haskellPackages.override {
|
||||
overrides = _: haskellPackages: {
|
||||
polysemy-plugin = pkgs.haskell.lib.dontCheck haskellPackages.polysemy-plugin;
|
||||
polysemy = pkgs.haskell.lib.dontCheck haskellPackages.polysemy;
|
||||
nixpkgs-update =
|
||||
pkgs.haskell.lib.justStaticExecutables (
|
||||
pkgs.haskell.lib.failOnAllWarnings (
|
||||
pkgs.haskell.lib.disableExecutableProfiling (
|
||||
pkgs.haskell.lib.disableLibraryProfiling (
|
||||
pkgs.haskell.lib.generateOptparseApplicativeCompletion "nixpkgs-update" (
|
||||
(haskellPackages.developPackage developPackageAttrs).overrideAttrs drvAttrs
|
||||
)
|
||||
)
|
||||
)
|
||||
)
|
||||
);
|
||||
};
|
||||
};
|
||||
|
||||
shell = haskellPackages.shellFor {
|
||||
nativeBuildInputs = with pkgs; [
|
||||
cabal-install
|
||||
ghcid
|
||||
];
|
||||
packages = ps: [ ps.nixpkgs-update ];
|
||||
shellHook = ''
|
||||
'';
|
||||
};
|
||||
|
||||
doc = pkgs.stdenvNoCC.mkDerivation rec {
|
||||
name = "nixpkgs-update-doc";
|
||||
src = self;
|
||||
phases = [ "mmdocPhase" ];
|
||||
mmdocPhase = "${mmdoc.packages.${system}.mmdoc}/bin/mmdoc nixpkgs-update $src/doc $out";
|
||||
};
|
||||
|
||||
in
|
||||
{
|
||||
nixpkgs-update = haskellPackages.nixpkgs-update;
|
||||
nixpkgs-update-doc = doc;
|
||||
devShell = shell;
|
||||
}
|
Loading…
Reference in New Issue
Block a user