with lib;
let
cfg = config.system.autoUpgradeWithPinch;
- pull-repo-script =
- pkgs.writeShellScript "pull-repo" ''
- set -eo pipefail
-
- path=$1
- config=$2
-
- prop() {
- ${pkgs.jq}/bin/jq -r ".$1" <<< "$config"
- }
-
- echo Pulling in "$path" >&2
-
- if [[ ! -e "$path" ]];then
- d=$(mktemp -d)
- ${pkgs.git}/bin/git init "$d"
- ${pkgs.git}/bin/git -C "$d" checkout -b "$(prop localBranch)"
- ${pkgs.git}/bin/git -C "$d" remote add "$(prop remoteName)" "$(prop url)"
- ${pkgs.git}/bin/git -C "$d" branch -u "$(prop remoteBranch)"
- mkdir -p "$(${pkgs.coreutils}/bin/dirname "$path")"
- mv "$d" "$path"
- fi
-
- cd "$path"
-
- if [[ "$(${pkgs.git}/bin/git remote get-url "$(prop remoteName)")" != "$(prop url)" ]]; then
- echo Expected git remote "$(prop remoteName)" to point at "$(prop url)" \
- but it points at "$(${pkgs.git}/bin/git remote get-url "$(prop remoteName)")" >&2
- case "$(prop onRemoteURLMismatch)" in
- abort) exit 1;;
- update) echo Updating it >&2
- ${pkgs.git}/bin/git -C "$d" remote set-url "$(prop remoteName)" "$(prop url)";;
- esac
- fi
-
- ${pkgs.git}/bin/git fetch "$(prop remoteName)" "$(prop remoteBranch)"
-
- if [[ "$(${pkgs.git}/bin/git rev-parse --abbrev-ref HEAD)" != "$(prop localBranch)" ]];then
- echo Could not merge because currently-checked-out \
- \""$(${pkgs.git}/bin/git rev-parse --abbrev-ref HEAD)"\" is not \
- \""$(prop localBranch)"\"
- case "$(prop onBranchMismatch)" in
- abort) exit 1;;
- continue) exit 0;;
- esac
- fi
-
- if [[ "$(prop requireSignature)" == true ]]; then
- ${pkgs.polite-merge}/bin/polite-merge \
- -c gpg.program=${escapeShellArg (pkgs.keyedgpg cfg.signingKeys)} \
- merge --ff-only --verify-signatures
- else
- ${pkgs.polite-merge}/bin/polite-merge merge --ff-only
- fi
- '';
+ pull-repo-script = pkgs.writeShellScript "pull-repo" ''
+ set -eo pipefail
+
+ path=$1
+ config=$2
+
+ prop() {
+ ${pkgs.jq}/bin/jq -r ".$1" <<< "$config"
+ }
+
+ echo Pulling in "$path" >&2
+
+ if [[ ! -e "$path" ]];then
+ d=$(mktemp -d)
+ ${pkgs.git}/bin/git init "$d"
+ ${pkgs.git}/bin/git -C "$d" checkout -b "$(prop localBranch)"
+ ${pkgs.git}/bin/git -C "$d" remote add "$(prop remoteName)" "$(prop url)"
+ ${pkgs.git}/bin/git -C "$d" branch -u "$(prop remoteBranch)"
+ mkdir -p "$(${pkgs.coreutils}/bin/dirname "$path")"
+ mv "$d" "$path"
+ fi
+
+ cd "$path"
+
+ if [[ "$(${pkgs.git}/bin/git remote get-url "$(prop remoteName)")" != "$(prop url)" ]]; then
+ echo Expected git remote "$(prop remoteName)" to point at "$(prop url)" \
+ but it points at "$(${pkgs.git}/bin/git remote get-url "$(prop remoteName)")" >&2
+ case "$(prop onRemoteURLMismatch)" in
+ abort) exit 1;;
+ update) echo Updating it >&2
+ ${pkgs.git}/bin/git -C "$d" remote set-url "$(prop remoteName)" "$(prop url)";;
+ esac
+ fi
+
+ ${pkgs.git}/bin/git fetch "$(prop remoteName)" "$(prop remoteBranch)"
+
+ if [[ "$(${pkgs.git}/bin/git rev-parse --abbrev-ref HEAD)" != "$(prop localBranch)" ]];then
+ echo Could not merge because currently-checked-out \
+ \""$(${pkgs.git}/bin/git rev-parse --abbrev-ref HEAD)"\" is not \
+ \""$(prop localBranch)"\"
+ case "$(prop onBranchMismatch)" in
+ abort) exit 1;;
+ continue) exit 0;;
+ esac
+ fi
+
+ if [[ "$(prop requireSignature)" == true ]]; then
+ ${pkgs.polite-merge}/bin/polite-merge \
+ -c gpg.program=${escapeShellArg (pkgs.keyedgpg cfg.signingKeys)} \
+ merge --ff-only --verify-signatures
+ else
+ ${pkgs.polite-merge}/bin/polite-merge merge --ff-only
+ fi
+ '';
auto-upgrade-script = pkgs.writeShellScript "auto-upgrade" ''
${pkgs.utillinux}/bin/flock /run/auto-upgrade-with-pinch ${