diff --git a/nixos/tests/pomerium.nix b/nixos/tests/pomerium.nix index 7af828326448..abaf56c518e0 100644 --- a/nixos/tests/pomerium.nix +++ b/nixos/tests/pomerium.nix @@ -20,6 +20,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { }; in { pomerium = { pkgs, lib, ... }: { imports = [ (base "192.168.1.1") ]; + environment.systemPackages = with pkgs; [ chromium ]; services.pomerium = { enable = true; settings = { @@ -98,5 +99,11 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { pomerium.succeed( "curl -L --resolve login.required:80:127.0.0.1 http://login.required | grep 'hello I am login page'" ) + + with subtest("ui"): + pomerium.succeed( + # check for a string that only appears if the UI is displayed correctly + "chromium --no-sandbox --headless --disable-gpu --dump-dom --host-resolver-rules='MAP login.required 127.0.0.1:80' http://login.required/.pomerium | grep 'contact your administrator'" + ) ''; }) diff --git a/pkgs/servers/http/pomerium/default.nix b/pkgs/servers/http/pomerium/default.nix index 8e41aa8590b5..d78a4cc74c05 100644 --- a/pkgs/servers/http/pomerium/default.nix +++ b/pkgs/servers/http/pomerium/default.nix @@ -14,25 +14,24 @@ let in buildGoModule rec { pname = "pomerium"; - version = "0.20.0"; + version = "0.21.2"; src = fetchFromGitHub { owner = "pomerium"; repo = "pomerium"; rev = "v${version}"; - sha256 = "sha256-J8ediRreV80lzPcKIOSl1CNHp04ZW9ePyNyejlN50cE="; + sha256 = "sha256-wsfbG4VAS3U3voDdry35QlWknlWIfThZQalf9S/9GO0="; }; - vendorSha256 = "sha256-V8asyi1Nm+h3KK/loBRZQN6atfEGUEdRydeZsp9wyQY="; + vendorSha256 = "sha256-8g3jhxKIT0EGUXh0hrvDbw3i04khqlAfGzM6k4q3O8g="; ui = mkYarnPackage { inherit version; src = "${src}/ui"; - # update pomerium-ui-package.json when updating package, sourced from ui/package.json - packageJSON = ./pomerium-ui-package.json; + packageJSON = ./package.json; offlineCache = fetchYarnDeps { yarnLock = "${src}/ui/yarn.lock"; - sha256 = "sha256:1n6swanrds9hbd4yyfjzpnfhsb8fzj1pwvvcg3w7b1cgnihclrmv"; + sha256 = lib.fileContents ./yarn-hash; }; buildPhase = '' @@ -111,9 +110,12 @@ buildGoModule rec { install -Dm0755 $GOPATH/bin/pomerium $out/bin/pomerium ''; - passthru.tests = { - inherit (nixosTests) pomerium; - inherit pomerium-cli; + passthru = { + tests = { + inherit (nixosTests) pomerium; + inherit pomerium-cli; + }; + updateScript = ./updater.sh; }; meta = with lib; { diff --git a/pkgs/servers/http/pomerium/pomerium-ui-package.json b/pkgs/servers/http/pomerium/package.json similarity index 98% rename from pkgs/servers/http/pomerium/pomerium-ui-package.json rename to pkgs/servers/http/pomerium/package.json index 6b9dcf4a3e8d..37227248672c 100644 --- a/pkgs/servers/http/pomerium/pomerium-ui-package.json +++ b/pkgs/servers/http/pomerium/package.json @@ -29,7 +29,7 @@ "@fontsource/dm-sans": "^4.5.1", "@mui/icons-material": "^5.3.1", "@mui/material": "^5.4.0", - "luxon": "^2.3.0", + "luxon": "^2.5.2", "markdown-to-jsx": "^7.1.7", "react": "^17.0.2", "react-dom": "^17.0.2", diff --git a/pkgs/servers/http/pomerium/updater.sh b/pkgs/servers/http/pomerium/updater.sh new file mode 100755 index 000000000000..0df47268ca96 --- /dev/null +++ b/pkgs/servers/http/pomerium/updater.sh @@ -0,0 +1,23 @@ +#! /usr/bin/env nix-shell +#! nix-shell -i bash -p gnugrep coreutils curl wget jq nix-update prefetch-yarn-deps + +set -euo pipefail +pushd "$(dirname "${BASH_SOURCE[0]}")" + +owner="pomerium" +repo="pomerium" +version=`curl -s "https://api.github.com/repos/$owner/$repo/tags" | jq -r .[0].name | grep -oP "^v\K.*"` +url="https://raw.githubusercontent.com/$owner/$repo/v$version/" + +if [[ "$UPDATE_NIX_OLD_VERSION" == "$version" ]]; then + echo "Already up to date!" + exit 0 +fi + +rm -f package.json yarn.lock +wget "$url/ui/yarn.lock" "$url/ui/package.json" +echo $(prefetch-yarn-deps) > yarn-hash +rm -f yarn.lock + +popd +nix-update pomerium --version $version diff --git a/pkgs/servers/http/pomerium/yarn-hash b/pkgs/servers/http/pomerium/yarn-hash new file mode 100644 index 000000000000..fec5f1f3c7e8 --- /dev/null +++ b/pkgs/servers/http/pomerium/yarn-hash @@ -0,0 +1 @@ +085nghha82q30b3vgzs76xsa85kbxqk7mjrknxxc5z7awrjhdmkb