diff --git a/.forgejo/workflows/update-vscode-insiders.yml b/.forgejo/workflows/update-vscode-insiders.yml index 33c1486..4c0ec9c 100644 --- a/.forgejo/workflows/update-vscode-insiders.yml +++ b/.forgejo/workflows/update-vscode-insiders.yml @@ -7,15 +7,17 @@ on: jobs: update: - runs-on: x86_64 + runs-on: ubuntu-latest + steps: - name: Checkout code uses: actions/checkout@v4 - name: Check for new vscode-insiders release id: check + shell: bash run: | - source /etc/bashrc + source /etc/bashrc || true CURRENT_VERSION=$(grep 'version = ' pkgs/vscode-insiders/default.nix | head -1 | grep -oP '"[^"]+"' | tr -d '"') echo "Current version: $CURRENT_VERSION" @@ -25,45 +27,109 @@ jobs: if [ "$CURRENT_VERSION" = "$LATEST_VERSION" ]; then echo "Already up to date." - echo "updated=false" >> $GITHUB_OUTPUT + echo "updated=false" >> "$GITHUB_OUTPUT" exit 0 fi echo "New version found: $LATEST_VERSION" - echo "latest_version=$LATEST_VERSION" >> $GITHUB_OUTPUT - echo "updated=true" >> $GITHUB_OUTPUT + + echo "latest_version=$LATEST_VERSION" >> "$GITHUB_OUTPUT" + echo "updated=true" >> "$GITHUB_OUTPUT" - name: Update version and sha256 if: steps.check.outputs.updated == 'true' id: update + shell: bash run: | - source /etc/bashrc + source /etc/bashrc || true LATEST="${{ steps.check.outputs.latest_version }}" - URL="https://code.visualstudio.com/sha/download?build=insider&os=linux-x64" - echo "Fetching new sha256 for VSCode Insiders..." - NEW_SHA256=$(nix-prefetch-url --type sha256 "$URL" 2>/dev/null | tail -1) - NEW_SHA256_SRI=$(nix hash convert --hash-algo sha256 --to sri "$NEW_SHA256") - echo "New sha256 (SRI): $NEW_SHA256_SRI" + fetch_sri() { + local url="$1" - sed -i "s|version = \".*\";|version = \"${LATEST}\";|" pkgs/vscode-insiders/default.nix - sed -i "s|sha256 = \"sha256-.*\";|sha256 = \"${NEW_SHA256_SRI}\";|" pkgs/vscode-insiders/default.nix + HASH=$(nix-prefetch-url --type sha256 "$url" 2>/dev/null | tail -1) + nix hash convert --hash-algo sha256 --to sri "$HASH" + } - echo "new_sha256=$NEW_SHA256_SRI" >> $GITHUB_OUTPUT + echo "Fetching hashes..." + + LINUX_SHA=$(fetch_sri "https://code.visualstudio.com/sha/download?build=insider&os=linux-x64") + DARWIN_ARM_SHA=$(fetch_sri "https://code.visualstudio.com/sha/download?build=insider&os=darwin-arm64") + DARWIN_X64_SHA=$(fetch_sri "https://code.visualstudio.com/sha/download?build=insider&os=darwin") + + echo "Linux SHA: $LINUX_SHA" + echo "Darwin ARM SHA: $DARWIN_ARM_SHA" + echo "Darwin x64 SHA: $DARWIN_X64_SHA" + + export LATEST + export LINUX_SHA + export DARWIN_ARM_SHA + export DARWIN_X64_SHA + + python <<'PY' + import os + import re + from pathlib import Path + + path = Path("pkgs/vscode-insiders/default.nix") + text = path.read_text() + + text = re.sub( + r'version = ".*?";', + f'version = "{os.environ["LATEST"]}";', + text, + count=1 + ) + + text = re.sub( + r'(os=darwin-arm64";\s+sha256 = ").*?(";\s+)', + rf'\g<1>{os.environ["DARWIN_ARM_SHA"]}\2', + text, + count=1, + flags=re.S + ) + + text = re.sub( + r'(os=darwin";\s+sha256 = ").*?(";\s+)', + rf'\g<1>{os.environ["DARWIN_X64_SHA"]}\2', + text, + count=1, + flags=re.S + ) + + text = re.sub( + r'(os=linux-x64";\s+sha256 = ").*?(";\s+)', + rf'\g<1>{os.environ["LINUX_SHA"]}\2', + text, + count=1, + flags=re.S + ) + + path.write_text(text) + PY + + echo "linux_sha=$LINUX_SHA" >> "$GITHUB_OUTPUT" + echo "darwin_arm_sha=$DARWIN_ARM_SHA" >> "$GITHUB_OUTPUT" + echo "darwin_x64_sha=$DARWIN_X64_SHA" >> "$GITHUB_OUTPUT" - name: Verify build if: steps.check.outputs.updated == 'true' + shell: bash run: | - source /etc/bashrc - NIXPKGS_ALLOW_UNFREE=1 nix build .#vscode-insiders + source /etc/bashrc || true + + export NIXPKGS_ALLOW_UNFREE=1 + + nix build .#vscode-insiders - name: Create Pull Request if: steps.check.outputs.updated == 'true' env: API_FORGEJO_TOKEN: ${{ secrets.API_FORGEJO_TOKEN }} + shell: bash run: | - source /etc/bashrc + source /etc/bashrc || true LATEST="${{ steps.check.outputs.latest_version }}" BRANCH="update/vscode-insiders-${LATEST}" @@ -72,16 +138,20 @@ jobs: git config user.email "akiyama@mizuki.guru" git checkout -b "$BRANCH" + git add pkgs/vscode-insiders/default.nix + git commit -m "pkgs/vscode-insiders: update to ${LATEST}" REPO_URL=$(git remote get-url origin | sed 's|https://||') + git push "https://oauth2:${API_FORGEJO_TOKEN}@${REPO_URL}" "$BRANCH" FORGEJO_HOST=$(echo "$REPO_URL" | cut -d'/' -f1) REPO_PATH=$(echo "$REPO_URL" | cut -d'/' -f2-) - - curl -fsSL -X POST \ + + curl -fsSL \ + -X POST \ -H "Authorization: token ${API_FORGEJO_TOKEN}" \ -H "Content-Type: application/json" \ "https://${FORGEJO_HOST}/api/v1/repos/${REPO_PATH}/pulls" \ @@ -89,5 +159,4 @@ jobs: \"title\": \"pkgs/vscode-insiders: update to ${LATEST}\", \"head\": \"${BRANCH}\", \"base\": \"main\", - \"body\": \"Automated update of VSCode Insiders to version \`${LATEST}\`.\n\nNew SRI Hash: \`${{ steps.update.outputs.new_sha256 }}\`\" - }" \ No newline at end of file + \"body\": \"Automated update of VSCode Insiders to version \`${LATEST}\`.\n\nLinux SHA:\n\`${{ steps.update.outputs.linux_sha }}\`\n\nDarwin ARM SHA:\n\`${{ steps.update.outputs.darwin_arm_sha }}\`\n\nDarwin x64 SHA:\n\`${{ steps.update.outputs.darwin_x64_sha }}\`\"}" \ No newline at end of file diff --git a/pkgs/vscode-insiders/default.nix b/pkgs/vscode-insiders/default.nix index 379707a..cb0e230 100644 --- a/pkgs/vscode-insiders/default.nix +++ b/pkgs/vscode-insiders/default.nix @@ -1,9 +1,23 @@ { pkgs }: let - src = fetchTarball { + inherit (pkgs) stdenv; + + sysAttrs = if stdenv.hostPlatform.isDarwin then + if stdenv.hostPlatform.isAarch64 then { + url = "https://code.visualstudio.com/sha/download?build=insider&os=darwin-arm64-dmg"; + sha256 = "sha256-K+U6JtVNz1PRzL/0SIEK7RXwQu6LL3p+248Ywbn+mDc="; + } else { + url = "https://code.visualstudio.com/sha/download?build=insider&os=darwin-x64-dmg"; + sha256 = "sha256-ex0ESS9APZxgc7b96Q7EQbckUXE51LmTqDfsnN07W3I="; + } + else { url = "https://code.visualstudio.com/sha/download?build=insider&os=linux-x64"; - sha256 = "04brczgkvpkqrg018wss9z5hk56n4d58r1bd7zq83wsycma9mq2b"; + sha256 = "sha256-kE99FyilwwFv3zTCkufGwD3s1WwoJ2krg10l3Xy5PRE="; + }; + + src = fetchTarball { + inherit (sysAttrs) url sha256; }; in (pkgs.vscode.override { @@ -14,20 +28,23 @@ in isInsiders = true; inherit src; - buildInputs = (oldAttrs.buildInputs or []) ++ [ pkgs.krb5 pkgs.libsoup_3 pkgs.webkitgtk_4_1 ]; + buildInputs = (oldAttrs.buildInputs or []) + ++ stdenv.lib.optionals stdenv.hostPlatform.isLinux [ pkgs.krb5 pkgs.libsoup_3 pkgs.webkitgtk_4_1 ]; - prePatch = '' + prePatch = stdenv.lib.optionalString stdenv.hostPlatform.isLinux '' ${oldAttrs.prePatch or ""} mkdir -p resources/app/node_modules/@vscode/ripgrep/bin touch resources/app/node_modules/@vscode/ripgrep/bin/rg ''; - preFixup = '' + preFixup = if stdenv.hostPlatform.isDarwin then '' + ${oldAttrs.preFixup or ""} + '' else '' ${oldAttrs.preFixup or ""} rm -rf resources/app/node_modules/@github/copilot-linuxmusl-x64 ''; meta = (oldAttrs.meta or {}) // { - mainProgram = "code-insiders"; + mainProgram = if stdenv.hostPlatform.isDarwin then "code-insiders" else "code-insiders"; }; }) \ No newline at end of file