#!/usr/bin/env bash
# Strict mode: stop on the first failing command, treat unset variables as
# errors, and let a failure in any pipeline stage fail the whole pipeline.
set -o errexit -o nounset -o pipefail
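#######################################
# Evaluate one attribute of the x86_64-linux packages of the flake that lives
# next to this script and print the result as a raw string.
# Arguments: $1 - attribute path below packages.x86_64-linux,
#                 e.g. govulndb.url
# Outputs:   the evaluated value on stdout
# Returns:   the exit status of `nix eval`; 2 when the attribute path or the
#            script directory cannot be embedded safely in the expression
#######################################
function nixEval() {
  local attrPath=${1:-}
  local scriptdir
  local -r attrPattern='^[A-Za-z_][A-Za-z0-9_.-]*$'

  # The attribute path is spliced verbatim into a Nix expression that is
  # evaluated with --impure, so only plain dotted identifiers are accepted.
  if [[ ! "${attrPath}" =~ ${attrPattern} ]]; then
    echo "nixEval: refusing attribute path '${attrPath}'" >&2
    return 2
  fi

  # Declared separately so a realpath failure is not masked by `local`.
  scriptdir="$(dirname -- "$(realpath -e -- "${BASH_SOURCE[0]}")")" || return

  # The directory ends up inside a double-quoted Nix string; a quote, a
  # backslash or "${" would terminate or extend that string.
  case "${scriptdir}" in
    *'"'* | *'\'* | *'${'*)
      echo "nixEval: script directory contains characters that cannot be embedded in a Nix string" >&2
      return 2
      ;;
  esac

  nix eval --impure --raw --expr "(builtins.getFlake \"${scriptdir}\").outputs.packages.x86_64-linux.${attrPath}"
}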
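#######################################
# Replace the first occurrence of a literal string on each line of a file.
# Neither string is interpreted as a pattern, so values containing "/", "+",
# "." or "&" are handled as plain text.
# Arguments: $1 - file to edit in place
#            $2 - text to look for (must be non-empty)
#            $3 - text to put in its place
# Returns:   0 on success, non-zero if the file could not be rewritten
#######################################
replaceLiteral() {
  local file=$1 old=$2 new=$3
  local scratch status=0

  if [[ -z "${old}" ]]; then
    echo "replaceLiteral: refusing to replace an empty string in ${file}" >&2
    return 1
  fi

  scratch=$(mktemp) || return
  # The strings travel through the environment rather than -v so that awk
  # does not apply backslash-escape processing to them.
  REPLACE_OLD="${old}" REPLACE_NEW="${new}" awk '
    {
      at = index($0, ENVIRON["REPLACE_OLD"])
      if (at > 0) {
        $0 = substr($0, 1, at - 1) ENVIRON["REPLACE_NEW"] \
          substr($0, at + length(ENVIRON["REPLACE_OLD"]))
      }
      print
    }
  ' < "${file}" > "${scratch}" && cat -- "${scratch}" > "${file}" || status=$?
  rm -f -- "${scratch}"
  return "${status}"
}

# nixEval reads the flake located next to this script, so run from that
# directory: the flake update, the flake.nix edits and the git commands below
# then all act on that same flake regardless of the caller's working directory.
scriptPath=$(realpath -e -- "${BASH_SOURCE[0]}")
cd -- "$(dirname -- "${scriptPath}")"

echo "Updating nix flake inputs..." >&2
nix flake update --commit-lock-file

echo "Updating govulndb..." >&2
govulndbURL=$(nixEval govulndb.url)
currentHash=$(nixEval govulndb.outputHash)
currentVersion=$(nixEval govulndb.version)

tmpdir=$(mktemp -d)
# Quoted, and guarded with :? so an empty value can never reach rm -rf.
trap 'rm -rf -- "${tmpdir:?}"' EXIT

pushd "${tmpdir}" > /dev/null
# The hash pinned further down is computed from whatever this download
# returns, so the transport is the only integrity check on the new content.
# NOTE(review): confirm that govulndb.url in flake.nix is an https:// URL.
# The output name is fixed so the unzip below does not depend on the URL's
# final path component.
curl -fsSL -o vulndb.zip "${govulndbURL}"
unzip -q vulndb.zip
rm vulndb.zip

newVersionDate=$(jq -re '.modified' index/db.json | cut -d'T' -f1)
# This value comes from the downloaded archive and is written into flake.nix
# and the commit message; accept nothing but a plain YYYY-MM-DD date.
if [[ ! "${newVersionDate}" =~ ^[0-9]{4}-[0-9]{2}-[0-9]{2}$ ]]; then
  echo "govulndb: 'modified' in index/db.json is not a YYYY-MM-DD date; refusing to update flake.nix" >&2
  exit 1
fi
newVersion="0-unstable-${newVersionDate}"

newHash=$(nix hash path --type sha256 .)
if [[ ! "${newHash}" =~ ^[A-Za-z0-9+/=:-]+$ ]]; then
  echo "govulndb: unexpected output from nix hash path; refusing to update flake.nix" >&2
  exit 1
fi
popd > /dev/null

# Literal replacement: a base64 (SRI-style) hash may contain "/", which would
# end the pattern early if the values were pasted into a sed s/// command.
replaceLiteral flake.nix "${currentVersion}" "${newVersion}"
replaceLiteral flake.nix "${currentHash}" "${newHash}"

if git diff --quiet --exit-code flake.nix; then
  echo "govulndb is already up-to-date"
else
  echo "govulndb: ${currentVersion} -> ${newVersion}"
  git add flake.nix
  git commit -m "govulndb: update to ${newVersion}"
fi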