terraform-providers: switch to hash/vendorHash

2022-09-21 14:59:14 +10:00 · 2022-09-21 14:59:14 +10:00 · d1abee2262
commit d1abee2262
parent 48f449716d
3 changed files with 309 additions and 308 deletions
--- a/pkgs/applications/networking/cluster/terraform-providers/default.nix
+++ b/pkgs/applications/networking/cluster/terraform-providers/default.nix
@ -17,17 +17,18 @@ let
     , repo
     , rev
     , version
-     , sha256
-     , vendorSha256
+     , hash ? throw "use hash instead of sha256" # added 2202/09
+     , vendorHash ? throw "use vendorHash instead of vendorSha256" # added 2202/09
     , deleteVendor ? false
     , proxyVendor ? false
     , mkProviderGoModule ? buildGoModule
-     , # Looks like "registry.terraform.io/vancluever/acme"
-       provider-source-address
+       # Looks like "registry.terraform.io/vancluever/acme"
+     , provider-source-address
+     , ...
     }@attrs:
      mkProviderGoModule {
        pname = repo;
-        inherit vendorSha256 version deleteVendor proxyVendor;
+        inherit vendorHash version deleteVendor proxyVendor;
        subPackages = [ "." ];
        doCheck = false;
        # https://github.com/hashicorp/terraform-provider-scaffolding/blob/a8ac8375a7082befe55b71c8cbb048493dd220c2/.goreleaser.yml
@ -36,7 +37,7 @@ let
        ldflags = [ "-s" "-w" "-X main.version=${version}" "-X main.commit=${rev}" ];
        src = fetchFromGitHub {
          name = "source-${rev}";
-          inherit owner repo rev sha256;
+          inherit owner repo rev hash;
        };

        # Move the provider to libexec
--- a/pkgs/applications/networking/cluster/terraform-providers/providers.json
+++ b/pkgs/applications/networking/cluster/terraform-providers/providers.json
--- a/pkgs/applications/networking/cluster/terraform-providers/update-provider
+++ b/pkgs/applications/networking/cluster/terraform-providers/update-provider
@ -28,14 +28,14 @@ Options:

  * --force: Force the update even if the version matches.
  * --no-build: Don't build provider
-  * --vendor-sha256 <sha256>: Override the SHA256 or "null".
+  * --vendor-hash <SRI-hash>: Override the SHA256 or "null".
 DOC
 }

 force=
 provider=
 build=1
-vendorSha256=
+vendorHash=

 while [[ $# -gt 0 ]]; do
  case "$1" in
@ -51,9 +51,9 @@ while [[ $# -gt 0 ]]; do
    build=0
    shift
    ;;
-  --vendor-sha256)
+  --vendor-hash)
    force=1
-    vendorSha256=$2
+    vendorHash=$2
    shift 2
    ;;
  *)
@ -93,14 +93,14 @@ repo_root=$(git rev-parse --show-toplevel)

 generate_hash() {
  nix-prefetch -I nixpkgs="${repo_root}" \
-    "{ sha256 }: (import ${repo_root} {}).terraform-providers.${provider}.$1.overrideAttrs (_: { $2 = sha256; })"
+    "{ sha256 }: (import ${repo_root} {}).terraform-providers.${provider}.$1.overrideAttrs (_: { inherit sha256; })"
 }

 echo_provider() {
  echo "== terraform-providers.${provider}: $* =="
 }

-pushd "$(dirname "$0")"
+pushd "$(dirname "$0")" >/dev/null

 if [[ ${provider} =~ ^[^/]+/[^/]+$ ]]; then
  echo_provider "init"
@ -109,13 +109,13 @@ if [[ ${provider} =~ ^[^/]+/[^/]+$ ]]; then
  update_attr "provider-source-address" "${source_address}"
  update_attr version "0"
  # create empty stings so nix-prefetch works
-  update_attr sha256 ""
-  update_attr vendorSha256 ""
+  update_attr hash ""
+  update_attr vendorHash ""
 else
  source_address="$(read_attr provider-source-address)"
 fi

-old_vendor_sha256=$(read_attr vendorSha256)
+old_vendor_hash=$(read_attr vendorHash)
 old_version=$(read_attr version)

 # The provider source address (used inside Terraform `required_providers` block) is
@ -127,7 +127,7 @@ old_version=$(read_attr version)
 registry_response=$(curl -s https://"${source_address/\///v1/providers/}")

 version="$(jq -r '.version' <<<"${registry_response}")"
-if [[ ${old_version} == "${version}" && ${force} != 1 && -z ${vendorSha256} && ${old_vendor_sha256} != "${vendorSha256}" ]]; then
+if [[ ${old_version} == "${version}" && ${force} != 1 && -z ${vendorHash} && ${old_vendor_hash} != "${vendorHash}" ]]; then
  echo_provider "already at version ${version}"
  exit
 fi
@ -146,20 +146,20 @@ repo="$(echo "${provider_source_url}" | cut -d '/' -f 5)"
 update_attr repo "${repo}"
 rev="$(jq -r '.tag' <<<"${registry_response}")"
 update_attr rev "${rev}"
-echo_provider "calculating sha256"
-sha256=$(generate_hash src outputHash)
-update_attr sha256 "${sha256}"
+echo_provider "calculating hash"
+hash=$(generate_hash src)
+update_attr hash "${hash}"

-if [[ -z ${vendorSha256} ]]; then
-  if [[ ${old_vendor_sha256} == null ]]; then
-    vendorSha256=null
+if [[ -z ${vendorHash} ]]; then
+  if [[ ${old_vendor_hash} == null ]]; then
+    vendorHash=null
  else
-    echo_provider "calculating vendorSha256"
-    vendorSha256=$(generate_hash go-modules vendorSha256)
+    echo_provider "calculating vendorHash"
+    vendorHash=$(generate_hash go-modules)
  fi
 fi

-update_attr vendorSha256 "${vendorSha256}"
+update_attr vendorHash "${vendorHash}"

 # Check that the provider builds
 if [[ ${build} == 1 ]]; then
@ -167,4 +167,4 @@ if [[ ${build} == 1 ]]; then
  nix-build --no-out-link "${repo_root}" -A "terraform-providers.${provider}"
 fi

-popd
+popd >/dev/null