diff options
Diffstat (limited to 'maintainers/upload-release.pl')
| -rwxr-xr-x | maintainers/upload-release.pl | 134 |
1 files changed, 100 insertions, 34 deletions
diff --git a/maintainers/upload-release.pl b/maintainers/upload-release.pl index 66ccf1443..d3ef63db8 100755 --- a/maintainers/upload-release.pl +++ b/maintainers/upload-release.pl @@ -19,6 +19,8 @@ my $nixpkgsDir = "/home/eelco/Dev/nixpkgs-pristine"; my $TMPDIR = $ENV{'TMPDIR'} // "/tmp"; +my $isLatest = ($ENV{'IS_LATEST'} // "") eq "1"; + # FIXME: cut&paste from nixos-channel-scripts. sub fetch { my ($url, $type) = @_; @@ -35,22 +37,29 @@ sub fetch { my $evalUrl = "https://hydra.nixos.org/eval/$evalId"; my $evalInfo = decode_json(fetch($evalUrl, 'application/json')); #print Dumper($evalInfo); +my $flakeUrl = $evalInfo->{flake} or die; +my $flakeInfo = decode_json(`nix flake metadata --json "$flakeUrl"` or die); +my $nixRev = $flakeInfo->{revision} or die; -my $nixRev = $evalInfo->{jobsetevalinputs}->{nix}->{revision} or die; - -my $tarballInfo = decode_json(fetch("$evalUrl/job/tarball", 'application/json')); +my $buildInfo = decode_json(fetch("$evalUrl/job/build.x86_64-linux", 'application/json')); +#print Dumper($buildInfo); -my $releaseName = $tarballInfo->{releasename}; +my $releaseName = $buildInfo->{nixname}; $releaseName =~ /nix-(.*)$/ or die; my $version = $1; -print STDERR "Nix revision is $nixRev, version is $version\n"; +print STDERR "Flake URL is $flakeUrl, Nix revision is $nixRev, version is $version\n"; my $releaseDir = "nix/$releaseName"; my $tmpDir = "$TMPDIR/nix-release/$releaseName"; File::Path::make_path($tmpDir); +my $narCache = "$TMPDIR/nar-cache"; +File::Path::make_path($narCache); + +my $binaryCache = "https://cache.nixos.org/?local-nar-cache=$narCache"; + # S3 setup. my $aws_access_key_id = $ENV{'AWS_ACCESS_KEY_ID'} or die "No AWS_ACCESS_KEY_ID given."; my $aws_secret_access_key = $ENV{'AWS_SECRET_ACCESS_KEY'} or die "No AWS_SECRET_ACCESS_KEY given."; @@ -76,6 +85,7 @@ sub downloadFile { my ($jobName, $productNr, $dstName) = @_; my $buildInfo = decode_json(fetch("$evalUrl/job/$jobName", 'application/json')); + #print STDERR "$jobName: ", Dumper($buildInfo), "\n"; my $srcFile = $buildInfo->{buildproducts}->{$productNr}->{path} or die "job '$jobName' lacks product $productNr\n"; $dstName //= basename($srcFile); @@ -83,19 +93,27 @@ sub downloadFile { if (!-e $tmpFile) { print STDERR "downloading $srcFile to $tmpFile...\n"; - system("NIX_REMOTE=https://cache.nixos.org/ nix store cat '$srcFile' > '$tmpFile'") == 0 + + my $fileInfo = decode_json(`NIX_REMOTE=$binaryCache nix store ls --json '$srcFile'`); + + $srcFile = $fileInfo->{target} if $fileInfo->{type} eq 'symlink'; + + #print STDERR $srcFile, " ", Dumper($fileInfo), "\n"; + + system("NIX_REMOTE=$binaryCache nix store cat '$srcFile' > '$tmpFile'.tmp") == 0 or die "unable to fetch $srcFile\n"; + rename("$tmpFile.tmp", $tmpFile) or die; } - my $sha256_expected = $buildInfo->{buildproducts}->{$productNr}->{sha256hash} or die; + my $sha256_expected = $buildInfo->{buildproducts}->{$productNr}->{sha256hash}; my $sha256_actual = `nix hash file --base16 --type sha256 '$tmpFile'`; chomp $sha256_actual; - if ($sha256_expected ne $sha256_actual) { + if (defined($sha256_expected) && $sha256_expected ne $sha256_actual) { print STDERR "file $tmpFile is corrupt, got $sha256_actual, expected $sha256_expected\n"; exit 1; } - write_file("$tmpFile.sha256", $sha256_expected); + write_file("$tmpFile.sha256", $sha256_actual); if (! -e "$tmpFile.asc") { system("gpg2 --detach-sign --armor $tmpFile") == 0 or die "unable to sign $tmpFile\n"; @@ -104,8 +122,6 @@ sub downloadFile { return $sha256_expected; } -downloadFile("tarball", "2"); # .tar.bz2 -my $tarballHash = downloadFile("tarball", "3"); # .tar.xz downloadFile("binaryTarball.i686-linux", "1"); downloadFile("binaryTarball.x86_64-linux", "1"); downloadFile("binaryTarball.aarch64-linux", "1"); @@ -115,6 +131,60 @@ downloadFile("binaryTarballCross.x86_64-linux.armv6l-linux", "1"); downloadFile("binaryTarballCross.x86_64-linux.armv7l-linux", "1"); downloadFile("installerScript", "1"); +# Upload docker images to dockerhub. +my $dockerManifest = ""; +my $dockerManifestLatest = ""; + +for my $platforms (["x86_64-linux", "amd64"], ["aarch64-linux", "arm64"]) { + my $system = $platforms->[0]; + my $dockerPlatform = $platforms->[1]; + my $fn = "nix-$version-docker-image-$dockerPlatform.tar.gz"; + downloadFile("dockerImage.$system", "1", $fn); + + print STDERR "loading docker image for $dockerPlatform...\n"; + system("docker load -i $tmpDir/$fn") == 0 or die; + + my $tag = "nixos/nix:$version-$dockerPlatform"; + my $latestTag = "nixos/nix:latest-$dockerPlatform"; + + print STDERR "tagging $version docker image for $dockerPlatform...\n"; + system("docker tag nix:$version $tag") == 0 or die; + + if ($isLatest) { + print STDERR "tagging latest docker image for $dockerPlatform...\n"; + system("docker tag nix:$version $latestTag") == 0 or die; + } + + print STDERR "pushing $version docker image for $dockerPlatform...\n"; + system("docker push -q $tag") == 0 or die; + + if ($isLatest) { + print STDERR "pushing latest docker image for $dockerPlatform...\n"; + system("docker push -q $latestTag") == 0 or die; + } + + $dockerManifest .= " --amend $tag"; + $dockerManifestLatest .= " --amend $latestTag" +} + +print STDERR "creating multi-platform docker manifest...\n"; +system("docker manifest rm nixos/nix:$version"); +system("docker manifest create nixos/nix:$version $dockerManifest") == 0 or die; +if ($isLatest) { + print STDERR "creating latest multi-platform docker manifest...\n"; + system("docker manifest rm nixos/nix:latest"); + system("docker manifest create nixos/nix:latest $dockerManifestLatest") == 0 or die; +} + +print STDERR "pushing multi-platform docker manifest...\n"; +system("docker manifest push nixos/nix:$version") == 0 or die; + +if ($isLatest) { + print STDERR "pushing latest multi-platform docker manifest...\n"; + system("docker manifest push nixos/nix:latest") == 0 or die; +} + +# Upload release files to S3. for my $fn (glob "$tmpDir/*") { my $name = basename($fn); my $dstKey = "$releaseDir/" . $name; @@ -134,42 +204,38 @@ for my $fn (glob "$tmpDir/*") { } } -exit if $version =~ /pre/; - # Update nix-fallback-paths.nix. -system("cd $nixpkgsDir && git pull") == 0 or die; +if ($isLatest) { + system("cd $nixpkgsDir && git pull") == 0 or die; -sub getStorePath { - my ($jobName) = @_; - my $buildInfo = decode_json(fetch("$evalUrl/job/$jobName", 'application/json')); - for my $product (values %{$buildInfo->{buildproducts}}) { - next unless $product->{type} eq "nix-build"; - next if $product->{path} =~ /[a-z]+$/; - return $product->{path}; + sub getStorePath { + my ($jobName) = @_; + my $buildInfo = decode_json(fetch("$evalUrl/job/$jobName", 'application/json')); + return $buildInfo->{buildoutputs}->{out}->{path} or die "cannot get store path for '$jobName'"; } - die; -} -write_file("$nixpkgsDir/nixos/modules/installer/tools/nix-fallback-paths.nix", - "{\n" . - " x86_64-linux = \"" . getStorePath("build.x86_64-linux") . "\";\n" . - " i686-linux = \"" . getStorePath("build.i686-linux") . "\";\n" . - " aarch64-linux = \"" . getStorePath("build.aarch64-linux") . "\";\n" . - " x86_64-darwin = \"" . getStorePath("build.x86_64-darwin") . "\";\n" . - " aarch64-darwin = \"" . getStorePath("build.aarch64-darwin") . "\";\n" . - "}\n"); + write_file("$nixpkgsDir/nixos/modules/installer/tools/nix-fallback-paths.nix", + "{\n" . + " x86_64-linux = \"" . getStorePath("build.x86_64-linux") . "\";\n" . + " i686-linux = \"" . getStorePath("build.i686-linux") . "\";\n" . + " aarch64-linux = \"" . getStorePath("build.aarch64-linux") . "\";\n" . + " x86_64-darwin = \"" . getStorePath("build.x86_64-darwin") . "\";\n" . + " aarch64-darwin = \"" . getStorePath("build.aarch64-darwin") . "\";\n" . + "}\n"); -system("cd $nixpkgsDir && git commit -a -m 'nix-fallback-paths.nix: Update to $version'") == 0 or die; + system("cd $nixpkgsDir && git commit -a -m 'nix-fallback-paths.nix: Update to $version'") == 0 or die; +} # Update the "latest" symlink. $channelsBucket->add_key( "nix-latest/install", "", { "x-amz-website-redirect-location" => "https://releases.nixos.org/$releaseDir/install" }) - or die $channelsBucket->err . ": " . $channelsBucket->errstr; + or die $channelsBucket->err . ": " . $channelsBucket->errstr + if $isLatest; # Tag the release in Git. chdir("/home/eelco/Dev/nix-pristine") or die; system("git remote update origin") == 0 or die; system("git tag --force --sign $version $nixRev -m 'Tagging release $version'") == 0 or die; system("git push --tags") == 0 or die; -system("git push --force-with-lease origin $nixRev:refs/heads/latest-release") == 0 or die; +system("git push --force-with-lease origin $nixRev:refs/heads/latest-release") == 0 or die if $isLatest; |