diff --git a/services/auto-pr.nix b/services/auto-pr.nix new file mode 100644 index 0000000..0ac765c --- /dev/null +++ b/services/auto-pr.nix @@ -0,0 +1,44 @@ +{lib, config, pkgs, ... }: + +with lib; + +let + cfg = config.services.auto-pr; +in +{ + options.services.auto-pr = { + enable = mkEnableOption "Cron job PR mise à jour automatique"; + }; + + config = mkIf cfg.enable { + + systemd.services.auto-pr-bot = { + description = "Création d'un PR si mise à jour"; + requires = ["network-online.target"]; + environment = { HOME = "/var/lib/auto-pr-bot"; }; + serviceConfig = { + DynamicUser = true; + CacheDirectory = "auto-pr-bot"; + StateDirectory = "auto-pr-bot"; + Type = "oneshot"; + ExecStart = with pkgs; + let env = python3Packages.python.buildEnv.override { + extraLibs = [ python3Packages.PyGithub python3Packages.pyjwt python3Packages.colorama ]; + ignoreCollisions = true; + }; + in "${pkgs.writeShellScriptBin "run.sh" '' + ${env}/bin/python ${pkgs.writeScript "pr-autobot.py" "${readFile ./pr-autobot.py}"} --private-key /var/lib/auto-pr-bot/private-key.pem --app-id 19565 --installation-id 407088 --repo nyanloutre/nixpkgs --cache-dir /var/cache/auto-pr-bot + ''}/bin/run.sh"; + }; + }; + + systemd.timers.auto-pr-bot = { + description = "Timer auto PR bot"; + requires = ["network-online.target"]; + wantedBy = ["multi-user.target"]; + timerConfig = { OnCalendar = "daily"; Unit = "auto-pr-bot.service"; }; + }; + + }; + +} diff --git a/services/pr-autobot.py b/services/pr-autobot.py new file mode 100755 index 0000000..26c313c --- /dev/null +++ b/services/pr-autobot.py @@ -0,0 +1,67 @@ +#!/usr/bin/env python + +import jwt, time, urllib.request, json, datetime, argparse, sys, textwrap +from github import Github +from colorama import Fore, Style + +parser = argparse.ArgumentParser(description='Create PR to update nixpkgs fork') +parser.add_argument('--private-key') +parser.add_argument('--app-id') +parser.add_argument('--installation-id') +parser.add_argument('--repo') +parser.add_argument('--cache-dir') +args = vars(parser.parse_args()) + +channel_req = urllib.request.Request(url='https://nixos.org/channels/nixos-18.09-small/git-revision') +latest_commit = urllib.request.urlopen(channel_req).read().decode('utf-8') +try: + previous_commit = open(args['cache_dir'] + '/git-revision', 'r').read() +except FileNotFoundError: + open(args['cache_dir'] + '/git-revision', 'w').write(latest_commit) + print("Premier lancement, le hash du dernier commit à été sauvegardé") + sys.exit(0) + +print("Dernier commit : " + latest_commit) +print("Commit précédent : " + previous_commit) + +if latest_commit != previous_commit: + bearer_token = jwt.encode({ + 'iat': int(time.time()), + 'exp': int(time.time()) + (10 * 60), + 'iss': args['app_id'] + }, + open(args['private_key'],"r").read(), + algorithm='RS256') + + req = urllib.request.Request(url='https://api.github.com/app/installations/' + + args['installation_id'] + + '/access_tokens', + method='POST') + + req.add_header('Authorization', 'Bearer ' + bearer_token.decode('utf-8')) + req.add_header('Accept', 'application/vnd.github.machine-man-preview+json') + + token = json.loads(urllib.request.urlopen(req).read().decode('utf-8'))['token'] + + g = Github(token) + repo = g.get_repo(args['repo']) + + branch = "upgrade-" + datetime.datetime.now().strftime('%Y-%m-%d') + '-' + latest_commit[:11]; + + repo.create_git_ref('refs/heads/' + branch, latest_commit) + + pr_message = textwrap.dedent("""\ + ### Pull request automatique + ### Avancement mise à jour + - [ ] Fusionner la branche + - [ ] Mettre à jour le repo local + - [ ] Exécuter `nixos-rebuild -I nixpkgs=https://github.com/nyanloutre/nixpkgs/archive/""" + latest_commit + """.tar.gz switch` + """) + + pr = repo.create_pull(title=branch, body=pr_message, base='nixos-18.09', head=branch) + + print("Pull request numéro " + pr.id + " créée") + print("URL : " + pr.html_url) + print("État : " + ((Fore.GREEN + "Fusionnable") if pr.mergeable else (Fore.RED + "Conflit")) + Style.RESET_ALL) +else: + print(Fore.GREEN + "Aucun changement détecté" + Style.RESET_ALL) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 856c387..c785a5d 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -17,6 +17,7 @@ in ../../services/mail-server.nix ../../services/site-musique.nix ../../services/site-max.nix + ../../services/auto-pr.nix ../../containers/vsftpd.nix ]; @@ -353,6 +354,8 @@ in port = max_port; domaine = "maxspiegel.fr"; }; + + auto-pr.enable = true; }; /*