nixpkgs/pkgs/applications/networking/cluster/terraform-providers/update-provider
zowoq 5280e28e13 terraform-providers: update-provider scripts
- use nix-prefetch for vendorSha256
- use no-out-link for nix-build
- fix nixpkgs import path
2022-01-02 16:53:11 +10:00

167 lines
4.5 KiB
Bash
Executable File

#!/usr/bin/env nix-shell
#! nix-shell -I nixpkgs=../../../../.. -i bash -p coreutils curl jq moreutils nix nix-prefetch
# shellcheck shell=bash
# vim: ft=sh
#
# Update a terraform provider to the latest version advertised at the
# provider source address.
#
set -euo pipefail
shopt -s inherit_errexit
show_usage() {
cat <<DOC
Usage: ./update-provider [--force] [--vendor] [<owner>/]<provider>
Update a single provider in the providers.json inventory file.
For example to update 'terraform-providers.aws' run:
./update-provider aws
If the provider is not in the list already, use the form '<owner>/<provider>'
to add the provider to the list:
./update-provider hetznercloud/hcloud
Options:
* --force: Force the update even if the version matches.
* --vendor: Switch from go package to go modules with vendor.
* --vendor-sha256 <sha256>: Override the SHA256 or "null".
DOC
}
force=
provider=
vendor=
vendorSha256=
while [[ $# -gt 0 ]]; do
case "$1" in
-h | --help)
show_usage
exit
;;
--force)
force=1
shift
;;
--vendor)
force=1
vendor=1
shift
;;
--vendor-sha256)
force=1
vendorSha256=$2
shift 2
;;
*)
if [[ -n ${provider} ]]; then
echo "ERROR: provider name was passed two times: '${provider}' and '$1'"
echo "Use --help for more info"
exit 1
fi
provider=$1
shift
;;
esac
done
if [[ -z ${provider} ]]; then
echo "ERROR: No providers specified!"
echo
show_usage
exit 1
fi
provider_name=$(basename "${provider}")
# Usage: read_attr <key>
read_attr() {
jq -r ".\"${provider_name}\".\"$1\"" providers.json
}
# Usage: update_attr <key> <value>
update_attr() {
if [[ $2 == "null" ]]; then
jq -S ".\"${provider_name}\".\"$1\" = null" providers.json | sponge providers.json
else
jq -S ".\"${provider_name}\".\"$1\" = \"$2\"" providers.json | sponge providers.json
fi
}
prefetch_github() {
# of a given owner, repo and rev, fetch the tarball and return the output of
# `nix-prefetch-url`
local owner=$1
local repo=$2
local rev=$3
nix-prefetch-url --unpack "https://github.com/${owner}/${repo}/archive/${rev}.tar.gz"
}
old_source_address="$(read_attr provider-source-address)"
old_vendor_sha256=$(read_attr vendorSha256)
old_version=$(read_attr version)
if [[ ${provider} =~ ^[^/]+/[^/]+$ ]]; then
source_address=registry.terraform.io/${provider}
else
source_address=${old_source_address}
fi
if [[ ${source_address} == "null" ]]; then
echo "Could not find the source address for provider: ${provider}"
exit 1
fi
update_attr "provider-source-address" "${source_address}"
# The provider source address (used inside Terraform `required_providers` block) is
# used to compute the registry API endpoint
#
# registry.terraform.io/hashicorp/aws (provider source address)
# registry.terraform.io/providers/hashicorp/aws (provider URL for the website)
# registry.terraform.io/v1/providers/hashicorp/aws (provider URL for the JSON API)
registry_response=$(curl -s https://"${source_address/\///v1/providers/}")
version="$(jq -r '.version' <<<"${registry_response}")"
if [[ ${old_version} == "${version}" && ${force} != 1 && -z ${vendorSha256} && ${old_vendor_sha256} != "${vendorSha256}" ]]; then
echo "${provider_name} is already at version ${version}"
exit
fi
update_attr version "${version}"
provider_source_url="$(jq -r '.source' <<<"${registry_response}")"
org="$(echo "${provider_source_url}" | cut -d '/' -f 4)"
update_attr owner "${org}"
repo="$(echo "${provider_source_url}" | cut -d '/' -f 5)"
update_attr repo "${repo}"
rev="$(jq -r '.tag' <<<"${registry_response}")"
update_attr rev "${rev}"
sha256=$(prefetch_github "${org}" "${repo}" "${rev}")
update_attr sha256 "${sha256}"
repo_root=$(git rev-parse --show-toplevel)
if [[ -z ${vendorSha256} ]]; then
if [[ ${old_vendor_sha256} == null ]]; then
vendorSha256=null
elif [[ -n ${old_vendor_sha256} || ${vendor} == 1 ]]; then
echo "=== Calculating vendorSha256 ==="
vendorSha256=$(nix-prefetch "{ sha256 }: (import ../../../../.. {}).terraform-providers.${provider_name}.go-modules.overrideAttrs (_: { vendorSha256 = sha256; })")
# Deal with nix unstable
if [[ ${vendorSha256} == sha256-* ]]; then
vendorSha256=$(nix --extra-experimental-features nix-command hash to-base32 "${vendorSha256}")
fi
fi
fi
if [[ -n ${vendorSha256} ]]; then
update_attr vendorSha256 "${vendorSha256}"
fi
# Check that the provider builds
echo "=== Building terraform-providers.${provider_name} ==="
nix-build --no-out-link "${repo_root}" -A "terraform-providers.${provider_name}"