forked from emily/nixfiles
101 lines
2.6 KiB
Bash
101 lines
2.6 KiB
Bash
#!/usr/bin/env bash
|
|
|
|
set -euo pipefail
|
|
|
|
BRANCH="update-inputs-$(date +%Y-%m-%d-%H-%M)"
|
|
HYDRA_URL="https://hydra.kyouma.net"
|
|
JOBSET_URL="${HYDRA_URL}/jobset/nixfiles/update-inputs"
|
|
ROOT="$(mktemp -d)"
|
|
|
|
gitin () {
|
|
git -C "${ROOT}/nixfiles" "$@"
|
|
}
|
|
|
|
merge_theirs () {
|
|
gitin merge -s ours "${BRANCH}" -m "Update from ${BRANCH}"
|
|
gitin branch temp
|
|
gitin reset --hard "${BRANCH}"
|
|
gitin reset --soft temp
|
|
gitin commit --amend --no-edit
|
|
gitin branch -D temp
|
|
}
|
|
|
|
test_build () {
|
|
local build_jobs
|
|
build_jobs="$(curl --fail -s -L -H "Accept: application/json" "${JOBSET_URL}/latest-eval" | jq -r ".builds | .[]")"
|
|
for build in ${build_jobs}; do
|
|
local build_status
|
|
while true; do
|
|
local build_finished
|
|
build_finished="$(curl --fail -s -L -H "Accept: application/json" "${HYDRA_URL}/build/${build}" | jq -r ".finished")"
|
|
[[ ${build_finished} == 1 ]] && break
|
|
sleep 5
|
|
done
|
|
build_status="$(curl --fail -s -L -H "Accept: application/json" "${HYDRA_URL}/build/${build}" | jq -r ".buildstatus")"
|
|
[[ $build_status != 0 ]] && echo "Build ${build} failed" && exit 1
|
|
echo "Build ${build} was successful"
|
|
done
|
|
}
|
|
|
|
wait_for_hydra () {
|
|
local git_rev
|
|
local hydra_rev
|
|
local counter
|
|
counter=0
|
|
git_rev="$(git -C "${ROOT}/nixfiles" rev-parse update-inputs)"
|
|
while true; do
|
|
hydra_rev="$(curl -s -L -H "Accept: application/json" "${JOBSET_URL}/latest-eval" | jq -r .flake | sed -E "s/.+&rev=(.*)/\1/g")"
|
|
if [[ "${git_rev}" == "${hydra_rev}" ]]; then
|
|
echo "Hydra got new commit"
|
|
break
|
|
fi
|
|
sleep 30
|
|
done
|
|
if [[ $counter -ge 30 ]]; then
|
|
echo "Hydra no workey"
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
ssh-agent -a "${ROOT}/ssh-agent"
|
|
SSH_AUTH_SOCK="${ROOT}/ssh-agent"
|
|
export SSH_AUTH_SOCK
|
|
ssh-add "/run/secrets/services/update-nixfiles/privateKey"
|
|
|
|
git clone forgejo@woof.rip:emily/nixfiles.git "${ROOT}/nixfiles"
|
|
gitin fetch --all
|
|
gitin checkout origin/main
|
|
|
|
gitin checkout -b "${BRANCH}"
|
|
|
|
pushd "${ROOT}/nixfiles"
|
|
nix flake update --commit-lock-file
|
|
popd
|
|
|
|
if gitin diff --quiet origin/update-inputs "${BRANCH}"; then
|
|
echo "No update needed"
|
|
gitin checkout update-inputs
|
|
gitin branch -D "${BRANCH}"
|
|
exit 0
|
|
fi
|
|
|
|
gitin push --set-upstream origin "${BRANCH}"
|
|
|
|
gitin checkout update-inputs
|
|
merge_theirs
|
|
gitin push origin update-inputs
|
|
|
|
echo "Waiting for hydra to get new commit"
|
|
export -f wait_for_hydra
|
|
timeout 4h bash -c wait_for_hydra
|
|
|
|
echo "Testing if all build jobs completed successfully"
|
|
test_build
|
|
echo "All build jobs were successful"
|
|
|
|
echo "Merging ${BRANCH} into main"
|
|
gitin checkout main
|
|
gitin merge --ff-only "${BRANCH}"
|
|
gitin push origin main
|
|
|
|
echo "Update successful"
|