[Backport release-25.05] dependabot-cli: 1.63.0 -> 1.71.0 (#438656)

Wolfgang Walther
2025-09-13 16:38:31 +00:00
committed by GitHub
2 changed files with 93 additions and 40 deletions


@@ -1,44 +1,31 @@
{
lib,
stdenv,
buildGoModule,
dependabot-cli,
dockerTools,
fetchFromGitHub,
installShellFiles,
lib,
makeWrapper,
symlinkJoin,
testers,
}:
let
pname = "dependabot-cli";
version = "1.63.0";
version = "1.71.0";
# vv Also update this vv
# `tag` is what `dependabot` uses to find the relevant docker images.
tag = "nixpkgs-dependabot-cli-${version}";
updateJobProxy = dockerTools.pullImage {
imageName = "ghcr.io/github/dependabot-update-job-proxy/dependabot-update-job-proxy";
# Get these hashes from
# nix run nixpkgs#nix-prefetch-docker -- --image-name ghcr.io/github/dependabot-update-job-proxy/dependabot-update-job-proxy --image-tag latest --final-image-name dependabot-update-job-proxy --final-image-tag ${tag}
imageDigest = "sha256:3030ba5ff8f556e47016fca94d81c677b5c6abde99fef228341e1537588e503a";
hash = "sha256-RiXUae5ONScoDu85L6BEf3T4JodBYha6v+d9kWl8oWc=";
# Get these hashes from
# nix run nixpkgs#nix-prefetch-docker -- --image-name ghcr.io/github/dependabot-update-job-proxy/dependabot-update-job-proxy --image-tag latest --final-image-name dependabot-update-job-proxy --final-image-tag ${tag}
updateJobProxy.imageDigest = "sha256:a42f9b9845929ae044b8cd51b5335195c33fd610405e558552408287c5295827";
updateJobProxy.hash = "sha256-pEtwBoJ+wF2TdQCcCyigLg4NYqOp2oNCEB7oCJOkwYc=";
# Don't update this, it's used to refer to the imported image later
finalImageName = "dependabot-update-job-proxy";
finalImageTag = tag;
};
updaterGitHubActions = dockerTools.pullImage {
imageName = "ghcr.io/dependabot/dependabot-updater-github-actions";
# Get these hashes from
# nix run nixpkgs#nix-prefetch-docker -- --image-name ghcr.io/dependabot/dependabot-updater-github-actions --image-tag latest --final-image-name dependabot-updater-github-actions --final-image-tag ${tag}
imageDigest = "sha256:a356576adbec11bc34b142b6ef69a5856a09dc3654bdc9f9b046c08ee2d73ff8";
hash = "sha256-zqydb2v39xiSBT5ayWEacD0NIH6LoFX8lkRcCKppH08=";
# Don't update this, it's used to refer to the imported image later
finalImageName = "dependabot-updater-github-actions";
finalImageTag = tag;
};
# Get these hashes from
# nix run nixpkgs#nix-prefetch-docker -- --image-name ghcr.io/dependabot/dependabot-updater-github-actions --image-tag latest --final-image-name dependabot-updater-github-actions --final-image-tag ${tag}
updaterGitHubActions.imageDigest = "sha256:ca93364b87b6a803d0005409cdb4c61d9c6d808dca33de47de14ef8c30811b51";
updaterGitHubActions.hash = "sha256-TnV8IaBrGPpd06YYmvazGMlZTAVJIMCSWdOgi6hkpRE=";
in
buildGoModule {
inherit pname version;
@@ -47,10 +34,10 @@ buildGoModule {
owner = "dependabot";
repo = "cli";
rev = "v${version}";
hash = "sha256-lk0AEFQYemr4wP7JXx5mPzzo2VzSJvygPP5vtUvPaxs=";
hash = "sha256-RZNZ72FG4KQr52X0No6iXU4NMUQs7k000KYpw2Kuz5U=";
};
vendorHash = "sha256-pnB1SkuEGm0KfkDfjnoff5fZRsAgD5w2H4UwsD3Jlbo=";
vendorHash = "sha256-5zOMTe8Sa/nkIGtwm4FbAqv3/9Mg5Du2ixxF84VQbXE=";
ldflags = [
"-s"
@@ -63,7 +50,7 @@ buildGoModule {
installShellFiles
];
postInstall = ''
postInstall = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''
installShellCompletion --cmd dependabot \
--bash <($out/bin/dependabot completion bash) \
--fish <($out/bin/dependabot completion fish) \
@@ -79,18 +66,36 @@ buildGoModule {
$out/bin/dependabot --help
'';
passthru.updateScript = ./update.sh;
passthru.withDockerImages = symlinkJoin {
name = "dependabot-cli-with-docker-images";
paths = [ dependabot-cli ];
buildInputs = [ makeWrapper ];
postBuild = ''
# Create a wrapper that pins the docker images that are depended upon
wrapProgram $out/bin/dependabot \
--run "docker load --input ${updateJobProxy} >&2" \
--add-flags "--proxy-image=dependabot-update-job-proxy:${tag}" \
--run "docker load --input ${updaterGitHubActions} >&2" \
--add-flags "--updater-image=dependabot-updater-github-actions:${tag}"
'';
postBuild =
let
updateJobProxyImage = dockerTools.pullImage {
imageName = "ghcr.io/github/dependabot-update-job-proxy/dependabot-update-job-proxy";
finalImageName = "dependabot-update-job-proxy";
finalImageTag = tag;
inherit (updateJobProxy) imageDigest hash;
};
updaterGitHubActionsImage = dockerTools.pullImage {
imageName = "ghcr.io/dependabot/dependabot-updater-github-actions";
finalImageName = "dependabot-updater-github-actions";
finalImageTag = tag;
inherit (updaterGitHubActions) imageDigest hash;
};
in
''
# Create a wrapper that pins the docker images that `dependabot` uses.
wrapProgram $out/bin/dependabot \
--run "docker load --input ${updateJobProxyImage} >&2" \
--add-flags "--proxy-image=dependabot-update-job-proxy:${tag}" \
--run "docker load --input ${updaterGitHubActionsImage} >&2" \
--add-flags "--updater-image=dependabot-updater-github-actions:${tag}"
'';
};
passthru.tests.version = testers.testVersion {
@@ -99,15 +104,15 @@ buildGoModule {
version = "v${version}";
};
meta = with lib; {
meta = {
changelog = "https://github.com/dependabot/cli/releases/tag/v${version}";
description = "Tool for testing and debugging Dependabot update jobs";
mainProgram = "dependabot";
homepage = "https://github.com/dependabot/cli";
license = licenses.mit;
maintainers = with maintainers; [
l0b0
license = lib.licenses.mit;
maintainers = with lib.maintainers; [
infinisil
philiptaron
];
};
}
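Review bot: The comments above `updateJobProxy.imageDigest` and `updaterGitHubActions.imageDigest` still document the hashes as taken with `--image-tag latest`, so each pinned digest records whatever `latest` pointed to when the update ran, not an image release matched to CLI `${version}`. The digest pin keeps the build reproducible, but nothing in the file tells a reviewer of a bump which upstream image build they are approving. I would state that next to the attributes, e.g. `# Digests are resolved from the mutable "latest" tag at update time and are not tied to the CLI release.`, so the digests get compared against the upstream registry during review.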


@@ -0,0 +1,48 @@
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p curl gnugrep gnused jq gh nix-prefetch-docker nix gitMinimal
set -x -eu -o pipefail
cd $(dirname "${BASH_SOURCE[0]}")
NIXPKGS_PATH="$(git rev-parse --show-toplevel)"
temp_dir=$(mktemp -d)
trap 'rm -rf "$temp_dir"' EXIT
gh api repos/dependabot/cli/releases/latest > "$temp_dir/latest.json"
VERSION="$(jq -r .tag_name "$temp_dir/latest.json" | sed 's/^v//')"
OLD_VERSION="$(grep -m1 'version = "' ./package.nix | cut -d'"' -f2)"
if [ "$OLD_VERSION" = "$VERSION" ]; then
echo "dependabot is already up-to-date at $OLD_VERSION"
exit 0
fi
SHA256="$(nix-prefetch-url --quiet --unpack https://github.com/dependabot/cli/archive/refs/tags/v${VERSION}.tar.gz)"
HASH="$(nix hash convert --hash-algo sha256 --to sri "$SHA256")"
nix-prefetch-docker --json --quiet --final-image-name dependabot-update-job-proxy --final-image-tag "nixpkgs-dependabot-cli-$VERSION" ghcr.io/github/dependabot-update-job-proxy/dependabot-update-job-proxy latest > "$temp_dir/dependabot-update-job-proxy.json"
nix-prefetch-docker --json --quiet --final-image-name dependabot-updater-github-actions --final-image-tag "nixpkgs-dependabot-cli-$VERSION" ghcr.io/dependabot/dependabot-updater-github-actions latest > "$temp_dir/dependabot-updater-github-actions.json"
setKV () {
sed -i "s,$1 = \"[^v].*\",$1 = \"${2:-}\"," ./package.nix
}
setKV version "${VERSION}"
setKV hash "${HASH}"
setKV updateJobProxy.imageDigest "$(jq -r .imageDigest "$temp_dir/dependabot-update-job-proxy.json")"
setKV updateJobProxy.hash "$(jq -r .hash "$temp_dir/dependabot-update-job-proxy.json")"
setKV updaterGitHubActions.imageDigest "$(jq -r .imageDigest "$temp_dir/dependabot-updater-github-actions.json")"
setKV updaterGitHubActions.hash "$(jq -r .hash "$temp_dir/dependabot-updater-github-actions.json")"
# We need to figure out the vendorHash for this new version, so we initially set it to `lib.fakeHash`
FAKE_HASH="sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
setKV vendorHash "$FAKE_HASH"
set +e
VENDOR_HASH="$(nix-build --no-out-link --log-format internal-json -A dependabot-cli "$NIXPKGS_PATH" 2>&1 >/dev/null | grep "$FAKE_HASH" | grep -o "sha256-[^\\]*" | tail -1)"
set -e
setKV vendorHash "$VENDOR_HASH"
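Review bot: `VENDOR_HASH` is written back without checking that the extraction found anything. The `nix-build` pipeline runs under `set +e`, so if the build fails for a reason other than the expected hash mismatch, or the log output no longer matches the `grep`, the variable is empty and the final `setKV vendorHash "$VENDOR_HASH"` leaves `vendorHash = ""` in package.nix while the script exits 0. A guard before the last line would stop that: `[ -n "$VENDOR_HASH" ] || { echo "could not determine vendorHash" >&2; exit 1; }`. Separately, the `setKV hash` pattern is unanchored and also matches the `updateJobProxy.hash` and `updaterGitHubActions.hash` lines; the result is correct only because those keys are rewritten afterwards, which deserves a comment above the `setKV` calls.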