|
| 1 | +#!/usr/bin/env nix-shell |
| 2 | +#!nix-shell -i bash -p curl jq nix-prefetch-github gawk |
| 3 | + |
| 4 | +set -euo pipefail |
| 5 | + |
| 6 | +# Updates docker packages (docker_29, docker_30, etc.) |
| 7 | +# Fetches component versions from moby's Dockerfile and updates all hashes |
| 8 | + |
| 9 | +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" |
| 10 | +DEFAULT_NIX="$SCRIPT_DIR/default.nix" |
| 11 | + |
| 12 | +# Determine which docker version to update |
| 13 | +ATTR="${1:-${UPDATE_NIX_ATTR_PATH:-docker}}" |
| 14 | + |
| 15 | +# Handle "docker" alias -> use the last docker_XX in the file (latest version) |
| 16 | +if [[ "$ATTR" == "docker" ]]; then |
| 17 | + ATTR=$(grep -oE 'docker_[0-9]+' "$DEFAULT_NIX" | tail -1) |
| 18 | +fi |
| 19 | +ATTR=$(echo "$ATTR" | grep -oE 'docker_[0-9]+' | head -1) |
| 20 | + |
| 21 | +[[ -z "$ATTR" ]] && { echo "Error: Could not determine docker version"; exit 1; } |
| 22 | + |
| 23 | +MAJOR="${ATTR#docker_}" |
| 24 | +echo "Updating $ATTR (major version: $MAJOR)" |
| 25 | + |
| 26 | +# Get current and latest versions |
| 27 | +CURRENT=$(awk -v a="$ATTR" '$0~a" ="{f=1} f&&/version = "/{match($0,/"[^"]+"/);print substr($0,RSTART+1,RLENGTH-2);exit}' "$DEFAULT_NIX") |
| 28 | +LATEST=$(curl -s ${GITHUB_TOKEN:+" -u \":$GITHUB_TOKEN\""} "https://api.github.com/repos/moby/moby/releases" | \ |
| 29 | + jq -r --arg m "$MAJOR" '[.[]|select(.tag_name|startswith("docker-v"+$m+"."))|select(.prerelease==false)][0].tag_name|sub("docker-v";"")') |
| 30 | + |
| 31 | +echo "Current: $CURRENT, Latest: $LATEST" |
| 32 | +[[ "$CURRENT" == "$LATEST" ]] && { echo "Already up to date!"; exit 0; } |
| 33 | + |
| 34 | +# Fetch component versions from Dockerfile |
| 35 | +DOCKERFILE=$(curl -sL "https://raw.githubusercontent.com/moby/moby/docker-v$LATEST/Dockerfile") |
| 36 | +RUNC_REV=$(echo "$DOCKERFILE" | sed -n 's/^ARG RUNC_VERSION=//p' | head -1) |
| 37 | +CONTAINERD_REV=$(echo "$DOCKERFILE" | sed -n 's/^ARG CONTAINERD_VERSION=//p' | head -1) |
| 38 | + |
| 39 | +echo "Components: runc=$RUNC_REV, containerd=$CONTAINERD_REV" |
| 40 | + |
| 41 | +# Prefetch helper |
| 42 | +prefetch() { nix-prefetch-github "$1" "$2" --rev "$3" 2>/dev/null | jq -r '.hash'; } |
| 43 | + |
| 44 | +echo "Prefetching sources..." |
| 45 | +CLI_HASH=$(prefetch docker cli "v$LATEST") |
| 46 | +MOBY_HASH=$(prefetch moby moby "docker-v$LATEST") |
| 47 | +RUNC_HASH=$(prefetch opencontainers runc "$RUNC_REV") |
| 48 | +CONTAINERD_HASH=$(prefetch containerd containerd "$CONTAINERD_REV") |
| 49 | + |
| 50 | +# Validate all hashes |
| 51 | +for h in "$CLI_HASH" "$MOBY_HASH" "$RUNC_HASH" "$CONTAINERD_HASH"; do |
| 52 | + [[ -z "$h" || "$h" == "null" ]] && { echo "Failed to prefetch a source"; exit 1; } |
| 53 | +done |
| 54 | + |
| 55 | +# Update default.nix |
| 56 | +echo "Updating $DEFAULT_NIX..." |
| 57 | +awk -v attr="$ATTR" -v ver="$LATEST" -v cli="$CLI_HASH" -v moby="$MOBY_HASH" \ |
| 58 | + -v runcR="$RUNC_REV" -v runcH="$RUNC_HASH" -v ctrdR="$CONTAINERD_REV" -v ctrdH="$CONTAINERD_HASH" \ |
| 59 | + -v old="$CURRENT" ' |
| 60 | + $0 ~ attr" =" { in_block=1 } |
| 61 | + in_block && /^ docker_[0-9]/ && $0 !~ attr { in_block=0 } |
| 62 | + in_block && /^}$/ { in_block=0 } |
| 63 | + in_block && /version = "/ { gsub(old, ver) } |
| 64 | + in_block && /cliHash = "sha256-/ { gsub(/sha256-[^"]*/, cli) } |
| 65 | + in_block && /mobyHash = "sha256-/ { gsub(/sha256-[^"]*/, moby) } |
| 66 | + in_block && /runcRev = "/ { gsub(/"v[^"]*"/, "\"" runcR "\"") } |
| 67 | + in_block && /runcHash = "sha256-/ { gsub(/sha256-[^"]*/, runcH) } |
| 68 | + in_block && /containerdRev = "/ { gsub(/"v[^"]*"/, "\"" ctrdR "\"") } |
| 69 | + in_block && /containerdHash = "sha256-/ { gsub(/sha256-[^"]*/, ctrdH) } |
| 70 | + { print } |
| 71 | +' "$DEFAULT_NIX" > "$DEFAULT_NIX.tmp" && mv "$DEFAULT_NIX.tmp" "$DEFAULT_NIX" |
| 72 | + |
| 73 | +echo "Updated $ATTR to $LATEST (cli=$CLI_HASH, moby=$MOBY_HASH, runc=$RUNC_REV, containerd=$CONTAINERD_REV)" |
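Review bot: The `${GITHUB_TOKEN:+" -u \":$GITHUB_TOKEN\""}` expansion on the `LATEST=` line (file line 28) never authenticates, because the inner double quotes make it one word that starts with a space and contains literal quote characters, so curl receives it as an extra URL argument instead of `-u` plus credentials. The releases request therefore stays anonymous and rate-limited even when a token is set, and the token lands in a URL position on the command line. Building the option as an array keeps the words separate: `auth=(); [[ -n "${GITHUB_TOKEN:-}" ]] && auth=(-u ":$GITHUB_TOKEN")`, then `curl -fsS "${auth[@]}" "https://api.github.com/repos/moby/moby/releases"`. The added `-f` also makes an HTTP error fail the pipeline instead of handing an error body to jq. Any argv form is still visible in the process list, so passing the credential on stdin with `curl -K -` would be the tighter option.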