5280e28e13
- use nix-prefetch for vendorSha256 - use no-out-link for nix-build - fix nixpkgs import path
167 lines
4.5 KiB
Bash
Executable File
167 lines
4.5 KiB
Bash
Executable File
#!/usr/bin/env nix-shell
|
|
#! nix-shell -I nixpkgs=../../../../.. -i bash -p coreutils curl jq moreutils nix nix-prefetch
|
|
# shellcheck shell=bash
|
|
# vim: ft=sh
|
|
#
|
|
# Update a terraform provider to the latest version advertised at the
|
|
# provider source address.
|
|
#
|
|
set -euo pipefail
|
|
shopt -s inherit_errexit
|
|
|
|
show_usage() {
|
|
cat <<DOC
|
|
Usage: ./update-provider [--force] [--vendor] [<owner>/]<provider>
|
|
|
|
Update a single provider in the providers.json inventory file.
|
|
|
|
For example to update 'terraform-providers.aws' run:
|
|
|
|
./update-provider aws
|
|
|
|
If the provider is not in the list already, use the form '<owner>/<provider>'
|
|
to add the provider to the list:
|
|
|
|
./update-provider hetznercloud/hcloud
|
|
|
|
Options:
|
|
|
|
* --force: Force the update even if the version matches.
|
|
* --vendor: Switch from go package to go modules with vendor.
|
|
* --vendor-sha256 <sha256>: Override the SHA256 or "null".
|
|
DOC
|
|
}
|
|
|
|
force=
|
|
provider=
|
|
vendor=
|
|
vendorSha256=
|
|
|
|
while [[ $# -gt 0 ]]; do
|
|
case "$1" in
|
|
-h | --help)
|
|
show_usage
|
|
exit
|
|
;;
|
|
--force)
|
|
force=1
|
|
shift
|
|
;;
|
|
--vendor)
|
|
force=1
|
|
vendor=1
|
|
shift
|
|
;;
|
|
--vendor-sha256)
|
|
force=1
|
|
vendorSha256=$2
|
|
shift 2
|
|
;;
|
|
*)
|
|
if [[ -n ${provider} ]]; then
|
|
echo "ERROR: provider name was passed two times: '${provider}' and '$1'"
|
|
echo "Use --help for more info"
|
|
exit 1
|
|
fi
|
|
provider=$1
|
|
shift
|
|
;;
|
|
esac
|
|
done
|
|
|
|
if [[ -z ${provider} ]]; then
|
|
echo "ERROR: No providers specified!"
|
|
echo
|
|
show_usage
|
|
exit 1
|
|
fi
|
|
|
|
provider_name=$(basename "${provider}")
|
|
|
|
# Usage: read_attr <key>
|
|
read_attr() {
|
|
jq -r ".\"${provider_name}\".\"$1\"" providers.json
|
|
}
|
|
|
|
# Usage: update_attr <key> <value>
|
|
update_attr() {
|
|
if [[ $2 == "null" ]]; then
|
|
jq -S ".\"${provider_name}\".\"$1\" = null" providers.json | sponge providers.json
|
|
else
|
|
jq -S ".\"${provider_name}\".\"$1\" = \"$2\"" providers.json | sponge providers.json
|
|
fi
|
|
}
|
|
|
|
prefetch_github() {
|
|
# of a given owner, repo and rev, fetch the tarball and return the output of
|
|
# `nix-prefetch-url`
|
|
local owner=$1
|
|
local repo=$2
|
|
local rev=$3
|
|
nix-prefetch-url --unpack "https://github.com/${owner}/${repo}/archive/${rev}.tar.gz"
|
|
}
|
|
|
|
old_source_address="$(read_attr provider-source-address)"
|
|
old_vendor_sha256=$(read_attr vendorSha256)
|
|
old_version=$(read_attr version)
|
|
|
|
if [[ ${provider} =~ ^[^/]+/[^/]+$ ]]; then
|
|
source_address=registry.terraform.io/${provider}
|
|
else
|
|
source_address=${old_source_address}
|
|
fi
|
|
if [[ ${source_address} == "null" ]]; then
|
|
echo "Could not find the source address for provider: ${provider}"
|
|
exit 1
|
|
fi
|
|
update_attr "provider-source-address" "${source_address}"
|
|
|
|
# The provider source address (used inside Terraform `required_providers` block) is
|
|
# used to compute the registry API endpoint
|
|
#
|
|
# registry.terraform.io/hashicorp/aws (provider source address)
|
|
# registry.terraform.io/providers/hashicorp/aws (provider URL for the website)
|
|
# registry.terraform.io/v1/providers/hashicorp/aws (provider URL for the JSON API)
|
|
registry_response=$(curl -s https://"${source_address/\///v1/providers/}")
|
|
|
|
version="$(jq -r '.version' <<<"${registry_response}")"
|
|
if [[ ${old_version} == "${version}" && ${force} != 1 && -z ${vendorSha256} && ${old_vendor_sha256} != "${vendorSha256}" ]]; then
|
|
echo "${provider_name} is already at version ${version}"
|
|
exit
|
|
fi
|
|
update_attr version "${version}"
|
|
|
|
provider_source_url="$(jq -r '.source' <<<"${registry_response}")"
|
|
|
|
org="$(echo "${provider_source_url}" | cut -d '/' -f 4)"
|
|
update_attr owner "${org}"
|
|
repo="$(echo "${provider_source_url}" | cut -d '/' -f 5)"
|
|
update_attr repo "${repo}"
|
|
rev="$(jq -r '.tag' <<<"${registry_response}")"
|
|
update_attr rev "${rev}"
|
|
sha256=$(prefetch_github "${org}" "${repo}" "${rev}")
|
|
update_attr sha256 "${sha256}"
|
|
|
|
repo_root=$(git rev-parse --show-toplevel)
|
|
|
|
if [[ -z ${vendorSha256} ]]; then
|
|
if [[ ${old_vendor_sha256} == null ]]; then
|
|
vendorSha256=null
|
|
elif [[ -n ${old_vendor_sha256} || ${vendor} == 1 ]]; then
|
|
echo "=== Calculating vendorSha256 ==="
|
|
vendorSha256=$(nix-prefetch "{ sha256 }: (import ../../../../.. {}).terraform-providers.${provider_name}.go-modules.overrideAttrs (_: { vendorSha256 = sha256; })")
|
|
# Deal with nix unstable
|
|
if [[ ${vendorSha256} == sha256-* ]]; then
|
|
vendorSha256=$(nix --extra-experimental-features nix-command hash to-base32 "${vendorSha256}")
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
if [[ -n ${vendorSha256} ]]; then
|
|
update_attr vendorSha256 "${vendorSha256}"
|
|
fi
|
|
|
|
# Check that the provider builds
|
|
echo "=== Building terraform-providers.${provider_name} ==="
|
|
nix-build --no-out-link "${repo_root}" -A "terraform-providers.${provider_name}"
|