diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9e74d83f..8e0c36ef 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -11,7 +11,7 @@ jobs: mac: uses: ./.github/workflows/std.yml with: - runs-on: macOS-12 + runs-on: macOS-13 secrets: inherit linux: diff --git a/src/local/flake.lock b/src/local/flake.lock index c91cce84..0bbffbb3 100644 --- a/src/local/flake.lock +++ b/src/local/flake.lock @@ -364,13 +364,13 @@ "yants": "yants" }, "locked": { - "lastModified": 1, - "narHash": "sha256-R+kgZygzHmVjdN64mJqNzZd8wj2wW4goAGb9bfrnnGk=", - "path": "/nix/store/w579nzy4r8siqn3xv5qh17qw0463jp6i-source", + "lastModified": 0, + "narHash": "sha256-XnaA3tCS63IMY04wTMqJ5EX47X0fDM9J+0dg6TxXvz8=", + "path": "/nix/store/5pmjinxmq96n3k708s8qii01awbr9w09-source", "type": "path" }, "original": { - "path": "/nix/store/w579nzy4r8siqn3xv5qh17qw0463jp6i-source", + "path": "/nix/store/5pmjinxmq96n3k708s8qii01awbr9w09-source", "type": "path" } }, diff --git a/src/std/fwlib/actions/build-proviso.sh b/src/std/fwlib/actions/build-proviso.sh index 88bf67f9..94a49329 100644 --- a/src/std/fwlib/actions/build-proviso.sh +++ b/src/std/fwlib/actions/build-proviso.sh @@ -1,11 +1,11 @@ declare action="$1" declare targetDrv -eval "$(jq -r '@sh "targetDrv=\(.targetDrv)"' <<< "$action" )" +eval "$(jq -r '@sh "targetDrv=\(.targetDrv)"' <<<"$action")" mapfile -t uncached < <( - command nix-store --realise --dry-run "$targetDrv" 2>&1 1>/dev/null \ - | command sed -nr ' + command nix-store --realise --dry-run "$targetDrv" 2>&1 1>/dev/null | + command sed -nE ' # If the line "will be built" is matched ... /will be built/ { # Create a label to iterate over dervivations @@ -28,18 +28,17 @@ mapfile -t uncached < <( ' ) -if [[ ${#uncached[@]} -eq 0 ]]; -then +if [[ ${#uncached[@]} -eq 0 ]]; then exit 1 fi if ! ( - command nix show-derivation ''${uncached[@]} 2> /dev/null \ - | command jq --exit-status \ - ' with_entries( + command nix show-derivation ''${uncached[@]} 2>/dev/null | + command jq --exit-status \ + ' with_entries( select(.value|.env.preferLocalBuild != "1") ) | any - ' 1> /dev/null + ' 1>/dev/null ); then exit 1 fi diff --git a/src/std/fwlib/blockTypes/_postDiffToGitHubSnippet.nix b/src/std/fwlib/blockTypes/_postDiffToGitHubSnippet.nix new file mode 100644 index 00000000..92f3906f --- /dev/null +++ b/src/std/fwlib/blockTypes/_postDiffToGitHubSnippet.nix @@ -0,0 +1,70 @@ +_: marker: diff_output: summary: '' + if [[ -v CI ]] && [[ -v BRANCH ]] && [[ -v OWNER_AND_REPO ]] && command -v gh > /dev/null ; then + + OWNER_REPO_NAME=$(gh repo view "$OWNER_AND_REPO" --json nameWithOwner --jq '.nameWithOwner') + + if ! gh pr view "$BRANCH" --repo "$OWNER_REPO_NAME" >/dev/null 2>&1; then + exit 0 + fi + + # Proceed only if there is output + if [[ -z "${diff_output}" ]]; then + exit 0 + fi + + CENTRAL_COMMENT_HEADER="" + ENTRY_START_MARKER="" + ENTRY_END_MARKER="" + + # Use the provided summary + DIFF_ENTRY=$(cat < +${summary} + +\`\`\`diff +${diff_output} +\`\`\` + + +$ENTRY_END_MARKER +EOF + ) + + PR_NUMBER=$(gh pr view "$BRANCH" --repo "$OWNER_REPO_NAME" --json number --jq '.number') + + EXISTING_COMMENT_ID=$(gh api "repos/$OWNER_REPO_NAME/issues/$PR_NUMBER/comments?per_page=100" --jq ".[] | select(.body | contains(\"$CENTRAL_COMMENT_HEADER\")) | .id" | head -n 1) + + if [[ -n "$EXISTING_COMMENT_ID" ]]; then + EXISTING_BODY=$(gh api "repos/$OWNER_REPO_NAME/issues/comments/$EXISTING_COMMENT_ID" --jq '.body') + + if echo "$EXISTING_BODY" | grep -q "$ENTRY_START_MARKER"; then + UPDATED_BODY=$(echo "$EXISTING_BODY" | sed -e "\#$ENTRY_START_MARKER#,\#$ENTRY_END_MARKER#d") + else + UPDATED_BODY="$EXISTING_BODY" + fi + + UPDATED_BODY="$UPDATED_BODY +$DIFF_ENTRY" + + echo "Updating existing comment..." + gh api --method PATCH "repos/$OWNER_REPO_NAME/issues/comments/$EXISTING_COMMENT_ID" -f body="$UPDATED_BODY" --jq '.html_url' + + else + NEW_COMMENT=$(cat < /dev/null ; then + ${postDiffToGitHubSnippet "${fragmentRelPath}:diff" "$(diff || true)" "std ${fragmentRelPath}:diff"} - set +e # diff exits 1 if diff existed - read -r -d "" DIFFSTREAM <Preview - - \`\`\`diff - $(diff) - \`\`\` - - - DIFF - set -e # we're past the invocation of diff - - if ! gh pr --repo "$OWNER_AND_REPO" comment "$BRANCH" --edit-last -b "$DIFFSTREAM"; then - echo "Make a first post ..." - gh pr --repo "$OWNER_AND_REPO" comment "$BRANCH" -b "$DIFFSTREAM" - fi - else - KUBECTL_EXTERNAL_DIFF="icdiff -N -r" - export KUBECTL_EXTERNAL_DIFF - diff - fi + KUBECTL_EXTERNAL_DIFF="icdiff -N -r" + export KUBECTL_EXTERNAL_DIFF + diff '' {}) (mkCommand currentSystem "apply" "Apply the manifests to K8s" [pkgs.kubectl pkgs.icdiff] '' ${build} diff --git a/src/std/fwlib/blockTypes/nvfetcher.nix b/src/std/fwlib/blockTypes/nvfetcher.nix index c6544769..5606d235 100644 --- a/src/std/fwlib/blockTypes/nvfetcher.nix +++ b/src/std/fwlib/blockTypes/nvfetcher.nix @@ -40,7 +40,7 @@ in --changelog "$tmpfile" \ --filter "^$targetname$" - sed -i -e "s|^|- \`$(date --iso-8601=m)\` |" "$tmpfile" + sed -i '''' -e "s|^|- \`$(date --iso-8601=m)\` |" "$tmpfile" cat "$tmpfile" >> "$updates" '' {}) ]; diff --git a/src/std/fwlib/blockTypes/terra.nix b/src/std/fwlib/blockTypes/terra.nix index ee14b805..c9116bf2 100644 --- a/src/std/fwlib/blockTypes/terra.nix +++ b/src/std/fwlib/blockTypes/terra.nix @@ -21,11 +21,11 @@ Available actions: */ let inherit (root) mkCommand; - inherit (super) addSelectorFunctor; + inherit (super) addSelectorFunctor postDiffToGitHubSnippet; in name: repo: { inherit name; - __functor = self: selectors: self // selectors; + __functor = addSelectorFunctor; type = "terra"; actions = { currentSystem, @@ -37,12 +37,8 @@ in inherit (inputs) terranix; pkgs = inputs.nixpkgs.${currentSystem}; - repoFolder = with pkgs.lib; - concatStringsSep "/" (["./nix"] ++ (init (splitString "/" fragmentRelPath))); - git = { inherit repo; - # repo = "git@github.com:myorg/myrepo.git"; ref = "main"; state = fragmentRelPath + "/state.json"; }; @@ -60,15 +56,16 @@ in .config); setup = '' + export TF_VAR_fragment=${pkgs.lib.strings.escapeShellArg fragment} + export TF_VAR_fragmentRelPath=${fragmentRelPath} export TF_IN_AUTOMATION=1 - # export TF_INPUT=0 export TF_DATA_DIR="$PRJ_DATA_HOME/${fragmentRelPath}" export TF_PLUGIN_CACHE_DIR="$PRJ_CACHE_HOME/tf-plugin-cache" mkdir -p "$TF_DATA_DIR" mkdir -p "$TF_PLUGIN_CACHE_DIR" - dir="$PRJ_ROOT/${repoFolder}/.tf" - mkdir -p "$PRJ_ROOT/${repoFolder}/.tf" - cat << MESSAGE > "$PRJ_ROOT/${repoFolder}/.tf/readme.md" + dir="$PRJ_ROOT/.tf/${fragmentRelPath}/.tf" + mkdir -p "$dir" + cat << MESSAGE > "$dir/readme.md" This is a tf staging area. It is motivated by the terraform CLI requiring to be executed in a staging area. MESSAGE @@ -76,16 +73,29 @@ in if [[ -e "$dir/config.tf.json" ]]; then rm -f "$dir/config.tf.json"; fi jq '.' ${terraformConfiguration} > "$dir/config.tf.json" ''; - wrap = cmd: '' ${setup} + + # Run the command and capture output terraform-backend-git git \ --dir "$dir" \ --repository ${git.repo} \ --ref ${git.ref} \ --state ${git.state} \ - terraform ${cmd} "$@"; + terraform ${cmd} "$@" \ + ${pkgs.lib.optionalString (cmd == "plan") '' + -lock=false -no-color | tee "$PRJ_CACHE_HOME/tf.console.txt" + ''} + + # Pass output to the snippet + ${pkgs.lib.optionalString (cmd == "plan") '' + output=$(cat "$PRJ_CACHE_HOME/tf.console.txt") + summary_plan=$(tac "$PRJ_CACHE_HOME/tf.console.txt" | grep -m 1 -E '^(Error:|Plan:|Apply complete!|No changes.|Success)' | tac || echo "View output.") + summary="std ${fragmentRelPath}:${cmd}: $summary_plan" + ${postDiffToGitHubSnippet "${fragmentRelPath}:${cmd}" "$output" "$summary"} + ''} ''; + in [ (mkCommand currentSystem "init" "tf init" [pkgs.jq pkgs.terraform pkgs.terraform-backend-git] (wrap "init") {}) (mkCommand currentSystem "plan" "tf plan" [pkgs.jq pkgs.terraform pkgs.terraform-backend-git] (wrap "plan") {}) diff --git a/src/tests/flake.lock b/src/tests/flake.lock index 61d7f383..f9f92882 100644 --- a/src/tests/flake.lock +++ b/src/tests/flake.lock @@ -358,17 +358,17 @@ ] }, "locked": { - "lastModified": 1685739139, - "narHash": "sha256-CLGEW11Fo1v4vj0XSqiyW1EbhRZFO7dkgM43eKwItrk=", + "lastModified": 1723542174, + "narHash": "sha256-qI1C854yrNLWlpsnd4bARk6ajp9z0rhBl1EF0Aew6gs=", "owner": "nix-community", "repo": "namaka", - "rev": "d9a2cc83c1d0f68bd613f1fc909d0ef2cfffcf2e", + "rev": "ecefdd6d1e0e075403a69202c2695f966ea2f412", "type": "github" }, "original": { "owner": "nix-community", - "ref": "v0.2.0", "repo": "namaka", + "rev": "ecefdd6d1e0e075403a69202c2695f966ea2f412", "type": "github" } }, @@ -538,13 +538,13 @@ "yants": "yants" }, "locked": { - "lastModified": 1, - "narHash": "sha256-4jz2Kz+zKEbGJnpnE5PUqWp2GAthNhP+zIC8wLJqn28=", - "path": "/nix/store/ilww27xvk5605hxhx8b6xlw14ky4qhrp-source", + "lastModified": 0, + "narHash": "sha256-fiGxfoXDVBJzBLpoxPwdM/AcRq/dNIeZLNrMqgmuhNk=", + "path": "/nix/store/b0qrhagsdpgyw9hx9wzrszwsdg5wfnnd-source", "type": "path" }, "original": { - "path": "/nix/store/ilww27xvk5605hxhx8b6xlw14ky4qhrp-source", + "path": "/nix/store/b0qrhagsdpgyw9hx9wzrszwsdg5wfnnd-source", "type": "path" } }, diff --git a/src/tests/flake.nix b/src/tests/flake.nix index 76e9ac4b..7861e7c6 100644 --- a/src/tests/flake.nix +++ b/src/tests/flake.nix @@ -13,7 +13,7 @@ terranix.inputs.terranix-examples.follows = ""; terranix.inputs.bats-support.follows = ""; terranix.inputs.bats-assert.follows = ""; - namaka.url = "github:nix-community/namaka/v0.2.0"; + namaka.url = "github:nix-community/namaka/ecefdd6d1e0e075403a69202c2695f966ea2f412"; namaka.inputs.haumea.follows = "std/haumea"; namaka.inputs.nixpkgs.follows = "std/nixpkgs"; makes.url = "github:fluidattacks/makes"; diff --git a/tests/_snapshots/check-augmented-cell-inputs b/tests/_snapshots/check-augmented-cell-inputs index 37fa053f..126630fa 100644 --- a/tests/_snapshots/check-augmented-cell-inputs +++ b/tests/_snapshots/check-augmented-cell-inputs @@ -12,7 +12,7 @@ makes = "/nix/store/71rzg7vs53gmxqph64d9zqf4ns928c6c-source"; microvm = "/nix/store/v5za7dzczgcvfvqgcm80qari3msyhw6b-source"; n2c = "/nix/store/rgd4s5ylv38p94wi6vays6wc1a0l5iyf-source"; - namaka = "/nix/store/xgzvi3baaaz9lpymfv6f1fgxfmy0ygvv-source"; + namaka = "/nix/store/prb836vl3r64l97045clfli0d5m5fyap-source"; nixago = "/nix/store/cys15p6lyyhj85bk4bckn82waih2l945-source"; nixpkgs = "/nix/store/g8zzlf6drg73c987ii390yicq4c0j778-source"; paisano = "/nix/store/4v8nn2z2vl74yz1557n1dha3l7rzzbgs-source";