cmctl: fix version encoded inside binary

PR includes the version and git revision as ld build flags to ensure correct version is output with the `cmctl version` command. Adds an `update.sh` script which can be used to update the version of cmctl. Will automatically fetch the latest semvar release of cmctl, and update hashes accordingly in `default.nix`. Signed-off-by: joshvanl <me@joshvanl.dev>
2022-08-03 10:05:50 +01:00 · 2022-08-03 10:05:50 +01:00 · 2c2366f681
commit 2c2366f681
parent a9a6c5d102
2 changed files with 45 additions and 3 deletions
--- a/pkgs/applications/networking/cluster/cmctl/default.nix
+++ b/pkgs/applications/networking/cluster/cmctl/default.nix
@ -7,8 +7,8 @@ buildGoModule rec {
  src = fetchFromGitHub {
    owner = "cert-manager";
    repo = "cert-manager";
-    rev = "v${version}";
-    hash = "sha256-Z1aJ18X4mfJPlCPBC7QgfdX5Tk4+PK8mYoJZhGwz9ec=";
+    rev = "4486c01f726f17d2790a8a563ae6bc6e98465505";
+    sha256 = "1rzm6dn88nc2c8kayg1y9r7gkmbx42s0ph93ji7z56gqqpbqjmk7";
  };

  vendorSha256 = "sha256-45+tZZAEHaLdTN1NQCueJVTx5x2IanwDl+Y9MELqdBE=";
@ -19,6 +19,8 @@ buildGoModule rec {
    "-s" "-w"
    "-X github.com/cert-manager/cert-manager/cmd/ctl/pkg/build.name=cmctl"
    "-X github.com/cert-manager/cert-manager/cmd/ctl/pkg/build/commands.registerCompletion=true"
+    "-X github.com/cert-manager/cert-manager/pkg/util.AppVersion=v${version}"
+    "-X github.com/cert-manager/cert-manager/pkg/util.AppGitCommit=${src.rev}"
  ];

  nativeBuildInputs = [ installShellFiles ];
@ -49,4 +51,3 @@ buildGoModule rec {
    maintainers = with maintainers; [ joshvanl superherointj ];
  };
 }
-
--- a/pkgs/applications/networking/cluster/cmctl/update.sh
+++ b/pkgs/applications/networking/cluster/cmctl/update.sh
@ -0,0 +1,41 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p curl gnugrep gnused jq
+
+set -x -eu -o pipefail
+
+NIXPKGS_PATH="$(git rev-parse --show-toplevel)"
+CMCTL_PATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
+
+OLD_VERSION="$(nix-instantiate --eval -E "with import $NIXPKGS_PATH {}; cmctl.version or (builtins.parseDrvName cmctl.name).version" | tr -d '"')"
+LATEST_TAG="$(curl -s ${GITHUB_TOKEN:+"-u \":$GITHUB_TOKEN\""} "https://api.github.com/repos/cert-manager/cert-manager/releases" | jq '.[].tag_name' --raw-output | sed '/-/d' | sort --version-sort -r | head -n 1)"
+LATEST_VERSION="${LATEST_TAG:1}"
+
+if [ ! "$OLD_VERSION" = "$LATEST_VERSION" ]; then
+    SHA256=$(nix-prefetch-url --quiet --unpack https://github.com/cert-manager/cert-manager/archive/refs/tags/${LATEST_TAG}.tar.gz)
+    TAG_SHA=$(curl -s ${GITHUB_TOKEN:+"-u \":$GITHUB_TOKEN\""}  "https://api.github.com/repos/cert-manager/cert-manager/git/ref/tags/${LATEST_TAG}" | jq -r '.object.sha')
+    TAG_COMMIT_SHA=$(curl -s ${GITHUB_TOKEN:+"-u \":$GITHUB_TOKEN\""} "https://api.github.com/repos/cert-manager/cert-manager/git/tags/${TAG_SHA}" | jq '.object.sha' --raw-output)
+
+    setKV () {
+        sed -i "s|$1 = \".*\"|$1 = \"${2:-}\"|" "${CMCTL_PATH}/default.nix"
+    }
+
+    setKV version ${LATEST_VERSION}
+    setKV sha256 "${SHA256}"
+    setKV rev ${TAG_COMMIT_SHA}
+    setKV vendorSha256 "0000000000000000000000000000000000000000000000000000" # The same as lib.fakeSha256
+
+    set +e
+    VENDOR_SHA256=$(nix-build --no-out-link -A cmctl $NIXPKGS_PATH 2>&1 >/dev/null | grep "got:" | cut -d':' -f2 | sed 's| ||g')
+    set -e
+
+    if [ -n "${VENDOR_SHA256:-}" ]; then
+        setKV vendorSha256 ${VENDOR_SHA256}
+    else
+        echo "Update failed. VENDOR_SHA256 is empty."
+        exit 1
+    fi
+
+    echo "updated cmctl to $LATEST_VERSION, please commit changes."
+else
+    echo "cmctl is already up-to-date at $OLD_VERSION"
+fi