terraform-providers: switch to hash/vendorHash

zowoq 2022-09-21 14:59:14 +10:00
parent 48f449716d
commit d1abee2262
3 changed files with 309 additions and 308 deletions


@ -17,17 +17,18 @@ let
, repo , repo
, rev , rev
, version , version
, sha256 , hash ? throw "use hash instead of sha256" # added 2202/09
, vendorSha256 , vendorHash ? throw "use vendorHash instead of vendorSha256" # added 2202/09
, deleteVendor ? false , deleteVendor ? false
, proxyVendor ? false , proxyVendor ? false
, mkProviderGoModule ? buildGoModule , mkProviderGoModule ? buildGoModule
, # Looks like "registry.terraform.io/vancluever/acme" # Looks like "registry.terraform.io/vancluever/acme"
provider-source-address , provider-source-address
, ...
}@attrs: }@attrs:
mkProviderGoModule { mkProviderGoModule {
pname = repo; pname = repo;
inherit vendorSha256 version deleteVendor proxyVendor; inherit vendorHash version deleteVendor proxyVendor;
subPackages = [ "." ]; subPackages = [ "." ];
doCheck = false; doCheck = false;
# https://github.com/hashicorp/terraform-provider-scaffolding/blob/a8ac8375a7082befe55b71c8cbb048493dd220c2/.goreleaser.yml # https://github.com/hashicorp/terraform-provider-scaffolding/blob/a8ac8375a7082befe55b71c8cbb048493dd220c2/.goreleaser.yml
@ -36,7 +37,7 @@ let
ldflags = [ "-s" "-w" "-X main.version=${version}" "-X main.commit=${rev}" ]; ldflags = [ "-s" "-w" "-X main.version=${version}" "-X main.commit=${rev}" ];
src = fetchFromGitHub { src = fetchFromGitHub {
name = "source-${rev}"; name = "source-${rev}";
inherit owner repo rev sha256; inherit owner repo rev hash;
}; };
# Move the provider to libexec # Move the provider to libexec
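Review bot: The `# added 2202/09` comments on the new `hash` and `vendorHash` defaults carry a transposed year. Going by the commit date, `# added 2022/09` is presumably what was meant, and a wrong date makes it harder to judge later how long the `throw` shims have been in place. Separately, the argument set still ends in `...`, so a caller that passes both `hash` and a leftover `sha256` would not hit the throw. Whether that stale attribute is then ignored or forwarded through `attrs` depends on code outside these hunks, since the function body continues past them.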


@ -28,14 +28,14 @@ Options:
* --force: Force the update even if the version matches. * --force: Force the update even if the version matches.
* --no-build: Don't build provider * --no-build: Don't build provider
* --vendor-sha256 <sha256>: Override the SHA256 or "null". * --vendor-hash <SRI-hash>: Override the SHA256 or "null".
DOC DOC
} }
force= force=
provider= provider=
build=1 build=1
vendorSha256= vendorHash=
while [[ $# -gt 0 ]]; do while [[ $# -gt 0 ]]; do
case "$1" in case "$1" in
@ -51,9 +51,9 @@ while [[ $# -gt 0 ]]; do
build=0 build=0
shift shift
;; ;;
--vendor-sha256) --vendor-hash)
force=1 force=1
vendorSha256=$2 vendorHash=$2
shift 2 shift 2
;; ;;
*) *)
@ -93,14 +93,14 @@ repo_root=$(git rev-parse --show-toplevel)
generate_hash() { generate_hash() {
nix-prefetch -I nixpkgs="${repo_root}" \ nix-prefetch -I nixpkgs="${repo_root}" \
"{ sha256 }: (import ${repo_root} {}).terraform-providers.${provider}.$1.overrideAttrs (_: { $2 = sha256; })" "{ sha256 }: (import ${repo_root} {}).terraform-providers.${provider}.$1.overrideAttrs (_: { inherit sha256; })"
} }
echo_provider() { echo_provider() {
echo "== terraform-providers.${provider}: $* ==" echo "== terraform-providers.${provider}: $* =="
} }
pushd "$(dirname "$0")" pushd "$(dirname "$0")" >/dev/null
if [[ ${provider} =~ ^[^/]+/[^/]+$ ]]; then if [[ ${provider} =~ ^[^/]+/[^/]+$ ]]; then
echo_provider "init" echo_provider "init"
@ -109,13 +109,13 @@ if [[ ${provider} =~ ^[^/]+/[^/]+$ ]]; then
update_attr "provider-source-address" "${source_address}" update_attr "provider-source-address" "${source_address}"
update_attr version "0" update_attr version "0"
# create empty stings so nix-prefetch works # create empty stings so nix-prefetch works
update_attr sha256 "" update_attr hash ""
update_attr vendorSha256 "" update_attr vendorHash ""
else else
source_address="$(read_attr provider-source-address)" source_address="$(read_attr provider-source-address)"
fi fi
old_vendor_sha256=$(read_attr vendorSha256) old_vendor_hash=$(read_attr vendorHash)
old_version=$(read_attr version) old_version=$(read_attr version)
# The provider source address (used inside Terraform `required_providers` block) is # The provider source address (used inside Terraform `required_providers` block) is
@ -127,7 +127,7 @@ old_version=$(read_attr version)
registry_response=$(curl -s https://"${source_address/\///v1/providers/}") registry_response=$(curl -s https://"${source_address/\///v1/providers/}")
version="$(jq -r '.version' <<<"${registry_response}")" version="$(jq -r '.version' <<<"${registry_response}")"
if [[ ${old_version} == "${version}" && ${force} != 1 && -z ${vendorSha256} && ${old_vendor_sha256} != "${vendorSha256}" ]]; then if [[ ${old_version} == "${version}" && ${force} != 1 && -z ${vendorHash} && ${old_vendor_hash} != "${vendorHash}" ]]; then
echo_provider "already at version ${version}" echo_provider "already at version ${version}"
exit exit
fi fi
@ -146,20 +146,20 @@ repo="$(echo "${provider_source_url}" | cut -d '/' -f 5)"
update_attr repo "${repo}" update_attr repo "${repo}"
rev="$(jq -r '.tag' <<<"${registry_response}")" rev="$(jq -r '.tag' <<<"${registry_response}")"
update_attr rev "${rev}" update_attr rev "${rev}"
echo_provider "calculating sha256" echo_provider "calculating hash"
sha256=$(generate_hash src outputHash) hash=$(generate_hash src)
update_attr sha256 "${sha256}" update_attr hash "${hash}"
if [[ -z ${vendorSha256} ]]; then if [[ -z ${vendorHash} ]]; then
if [[ ${old_vendor_sha256} == null ]]; then if [[ ${old_vendor_hash} == null ]]; then
vendorSha256=null vendorHash=null
else else
echo_provider "calculating vendorSha256" echo_provider "calculating vendorHash"
vendorSha256=$(generate_hash go-modules vendorSha256) vendorHash=$(generate_hash go-modules)
fi fi
fi fi
update_attr vendorSha256 "${vendorSha256}" update_attr vendorHash "${vendorHash}"
# Check that the provider builds # Check that the provider builds
if [[ ${build} == 1 ]]; then if [[ ${build} == 1 ]]; then
@ -167,4 +167,4 @@ if [[ ${build} == 1 ]]; then
nix-build --no-out-link "${repo_root}" -A "terraform-providers.${provider}" nix-build --no-out-link "${repo_root}" -A "terraform-providers.${provider}"
fi fi
popd popd >/dev/null
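Review bot: The value returned by `generate_hash src` is written straight back with `update_attr hash "${hash}"` without a check that it is non-empty, and the same holds for `vendorHash=$(generate_hash go-modules)`. Whether the script runs under `set -e` is not visible in these hunks; if it does not, a failed `nix-prefetch` would leave an empty pin in the provider entry, and with `--no-build` nothing in the same run would catch it. A guard after each call, such as `[[ -n ${hash} ]] || { echo "nix-prefetch returned no hash" >&2; exit 1; }`, keeps the integrity pin from being blanked silently. The option help also still reads `Override the SHA256 or "null"` for `--vendor-hash`; `Override vendorHash with an SRI hash or "null"` would match the renamed option.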