1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
|
{
stdenvNoCC,
lib,
fetchurl,
writeScript,
nix,
runtimeShell,
curl,
cacert,
jq,
yq,
gnupg,
releaseManifestFile,
releaseInfoFile,
bootstrapSdkFile,
allowPrerelease,
}:
let
inherit (lib.importJSON releaseManifestFile) channel release;
pkg = stdenvNoCC.mkDerivation {
name = "update-dotnet-vmr-env";
nativeBuildInputs = [
nix
curl
cacert
jq
yq
gnupg
];
};
releaseKey = fetchurl {
url = "https://dotnet.microsoft.com/download/dotnet/release-key-2023.asc";
hash = "sha256-F668QB55md0GQvoG0jeA66Fb2RbrsRhFTzTbXIX3GUo=";
};
drv = builtins.unsafeDiscardOutputDependency pkg.drvPath;
in
writeScript "update-dotnet-vmr.sh" ''
#! ${nix}/bin/nix-shell
#! nix-shell -i ${runtimeShell} --pure ${drv} --keep UPDATE_NIX_ATTR_PATH
set -euo pipefail
tag=''${1-}
if [[ -n $tag ]]; then
query=$(cat <<EOF
map(
select(
(.tag_name == "$tag"))) |
first
EOF
)
else
query=$(cat <<EOF
map(
select(
${lib.optionalString (!allowPrerelease) ".prerelease == false and"}
.draft == false and
(.tag_name | startswith("v${channel}")))) |
first
EOF
)
fi
query="$query "$(cat <<EOF
| (
.tag_name,
(.assets |
.[] |
select(.name == "release.json") |
.browser_download_url),
(.assets |
.[] |
select(.name | endswith(".tar.gz.sig")) |
.browser_download_url))
EOF
)
(
curl -fsSL https://api.github.com/repos/dotnet/dotnet/releases | \
jq -r "$query" \
) | (
read tagName
read releaseUrl
read sigUrl
tmp="$(mktemp -d)"
trap 'rm -rf "$tmp"' EXIT
echo ${lib.escapeShellArg (toString ./update.sh)} \
-o ${lib.escapeShellArg (toString bootstrapSdkFile)} --sdk foo
cd "$tmp"
curl -fsSL "$releaseUrl" -o release.json
release=$(jq -r .release release.json)
if [[ -z $tag && "$release" == "${release}" ]]; then
>&2 echo "release is already $release"
exit
fi
tarballUrl=https://github.com/dotnet/dotnet/archive/refs/tags/$tagName.tar.gz
mapfile -t prefetch < <(nix-prefetch-url --print-path "$tarballUrl")
tarballHash=$(nix-hash --to-sri --type sha256 "''${prefetch[0]}")
tarball=''${prefetch[1]}
curl -fssL "$sigUrl" -o release.sig
(
export GNUPGHOME=$PWD/.gnupg
trap 'gpgconf --kill all' EXIT
gpg --batch --import ${releaseKey}
gpg --batch --verify release.sig "$tarball"
)
tar --strip-components=1 --no-wildcards-match-slash --wildcards -xzf "$tarball" \*/eng/Versions.props \*/global.json
artifactsVersion=$(xq -r '.Project.PropertyGroup |
map(select(.PrivateSourceBuiltArtifactsVersion))
| .[] | .PrivateSourceBuiltArtifactsVersion' eng/Versions.props)
if [[ "$artifactsVersion" != "" ]]; then
artifactsUrl=https://dotnetcli.azureedge.net/source-built-artifacts/assets/Private.SourceBuilt.Artifacts.$artifactsVersion.centos.9-x64.tar.gz
else
artifactsUrl=$(xq -r '.Project.PropertyGroup |
map(select(.PrivateSourceBuiltArtifactsUrl))
| .[] | .PrivateSourceBuiltArtifactsUrl' eng/Versions.props)
fi
artifactsHash=$(nix-hash --to-sri --type sha256 "$(nix-prefetch-url "$artifactsUrl")")
sdkVersion=$(jq -r .tools.dotnet global.json)
jq --null-input \
--arg _0 "$tarballHash" \
--arg _1 "$artifactsUrl" \
--arg _2 "$artifactsHash" \
'{
"tarballHash": $_0,
"artifactsUrl": $_1,
"artifactsHash": $_2,
}' > "${toString releaseInfoFile}"
cp release.json "${toString releaseManifestFile}"
cd -
# needs to be run in nixpkgs
${lib.escapeShellArg (toString ./update.sh)} \
-o ${lib.escapeShellArg (toString bootstrapSdkFile)} --sdk "$sdkVersion"
$(nix-build -A $UPDATE_NIX_ATTR_PATH.fetch-deps --no-out-link)
)
''
|
