Script PR auto

services/auto-pr.nix

@@ -0,0 +1,44 @@
+{lib, config, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.auto-pr;
+in
+{
+  options.services.auto-pr = {
+    enable = mkEnableOption "Cron job PR mise à jour automatique";
+  };
+
+  config = mkIf cfg.enable {
+
+    systemd.services.auto-pr-bot = {
+      description = "Création d'un PR si mise à jour";
+      requires = ["network-online.target"];
+      environment = { HOME = "/var/lib/auto-pr-bot"; };
+      serviceConfig = {
+        DynamicUser = true;
+        CacheDirectory = "auto-pr-bot";
+        StateDirectory = "auto-pr-bot";
+        Type = "oneshot";
+        ExecStart = with pkgs;
+          let env = python3Packages.python.buildEnv.override {
+            extraLibs = [ python3Packages.PyGithub python3Packages.pyjwt python3Packages.colorama ];
+            ignoreCollisions = true;
+          };
+        in "${pkgs.writeShellScriptBin "run.sh" ''
+          ${env}/bin/python ${pkgs.writeScript "pr-autobot.py" "${readFile ./pr-autobot.py}"} --private-key /var/lib/auto-pr-bot/private-key.pem --app-id 19565 --installation-id 407088 --repo nyanloutre/nixpkgs --cache-dir /var/cache/auto-pr-bot
+        ''}/bin/run.sh";
+      };
+    };
+
+    systemd.timers.auto-pr-bot = {
+      description = "Timer auto PR bot";
+      requires = ["network-online.target"];
+      wantedBy = ["multi-user.target"];
+      timerConfig = { OnCalendar = "daily"; Unit = "auto-pr-bot.service"; };
+    };
+
+  };
+
+}

services/pr-autobot.py

@@ -0,0 +1,67 @@
+#!/usr/bin/env python
+
+import jwt, time, urllib.request, json, datetime, argparse, sys, textwrap
+from github import Github
+from colorama import Fore, Style
+
+parser = argparse.ArgumentParser(description='Create PR to update nixpkgs fork')
+parser.add_argument('--private-key')
+parser.add_argument('--app-id')
+parser.add_argument('--installation-id')
+parser.add_argument('--repo')
+parser.add_argument('--cache-dir')
+args = vars(parser.parse_args())
+
+channel_req = urllib.request.Request(url='https://nixos.org/channels/nixos-18.09-small/git-revision')
+latest_commit = urllib.request.urlopen(channel_req).read().decode('utf-8')
+try:
+    previous_commit = open(args['cache_dir'] + '/git-revision', 'r').read()
+except FileNotFoundError:
+    open(args['cache_dir'] + '/git-revision', 'w').write(latest_commit)
+    print("Premier lancement, le hash du dernier commit à été sauvegardé")
+    sys.exit(0)
+
+print("Dernier commit : " + latest_commit)
+print("Commit précédent : " + previous_commit)
+
+if latest_commit != previous_commit:
+    bearer_token = jwt.encode({
+                                'iat': int(time.time()),
+                                'exp': int(time.time()) + (10 * 60),
+                                'iss': args['app_id']
+                              },
+                              open(args['private_key'],"r").read(),
+                              algorithm='RS256')
+
+    req = urllib.request.Request(url='https://api.github.com/app/installations/' +
+                                    args['installation_id'] +
+                                    '/access_tokens',
+                                 method='POST')
+
+    req.add_header('Authorization', 'Bearer ' + bearer_token.decode('utf-8'))
+    req.add_header('Accept', 'application/vnd.github.machine-man-preview+json')
+
+    token = json.loads(urllib.request.urlopen(req).read().decode('utf-8'))['token']
+
+    g = Github(token)
+    repo = g.get_repo(args['repo'])
+
+    branch = "upgrade-" + datetime.datetime.now().strftime('%Y-%m-%d') + '-' + latest_commit[:11];
+
+    repo.create_git_ref('refs/heads/' + branch, latest_commit)
+
+    pr_message = textwrap.dedent("""\
+                    ### Pull request automatique
+                    ### Avancement mise à jour
+                    - [ ] Fusionner la branche
+                    - [ ] Mettre à jour le repo local
+                    - [ ] Exécuter `nixos-rebuild -I nixpkgs=https://github.com/nyanloutre/nixpkgs/archive/""" + latest_commit + """.tar.gz switch`
+                 """)
+
+    pr = repo.create_pull(title=branch, body=pr_message, base='nixos-18.09', head=branch)
+
+    print("Pull request numéro " + pr.id + " créée")
+    print("URL : " + pr.html_url)
+    print("État : " + ((Fore.GREEN + "Fusionnable") if pr.mergeable else (Fore.RED + "Conflit")) + Style.RESET_ALL)
+else:
+    print(Fore.GREEN + "Aucun changement détecté" + Style.RESET_ALL)

systems/LoutreOS/services.nix

@@ -17,6 +17,7 @@ in
     ../../services/mail-server.nix
     ../../services/site-musique.nix
     ../../services/site-max.nix
+    ../../services/auto-pr.nix
     ../../containers/vsftpd.nix
   ];
 
@@ -353,6 +354,8 @@ in
       port = max_port;
       domaine = "maxspiegel.fr";
     };
+
+    auto-pr.enable = true;
   };
 
   /*