pkgs/tools/security/vaultwarden/update.nix

   1 { writeShellApplication
   2 , lib
   3 , nix
   4 , nix-prefetch-git
   5 , nix-update
   6 , curl
   7 , git
   8 , gnugrep
   9 , gnused
  10 , jq
  11 , yq
  12 }:
  13
  14 lib.getExe (writeShellApplication {
  15   name = "update-vaultwarden";
  16   runtimeInputs = [ curl git gnugrep gnused jq yq nix nix-prefetch-git nix-update ];
  17
  18   text = ''
  19     VAULTWARDEN_VERSION=$(curl --silent https://api.github.com/repos/dani-garcia/vaultwarden/releases/latest | jq -r '.tag_name')
  20     nix-update "vaultwarden" --version "$VAULTWARDEN_VERSION"
  21
  22     URL="https://raw.githubusercontent.com/dani-garcia/vaultwarden/''${VAULTWARDEN_VERSION}/docker/DockerSettings.yaml"
  23     WEBVAULT_VERSION="$(curl --silent "$URL" | yq -r ".vault_version" | sed s/^v//)"
  24     old_hash="$(nix --extra-experimental-features nix-command eval -f default.nix --raw vaultwarden.webvault.bw_web_builds.outputHash)"
  25     new_hash="$(nix-prefetch-git https://github.com/dani-garcia/bw_web_builds.git --rev "v$WEBVAULT_VERSION" | jq --raw-output ".sha256")"
  26     new_hash_sri="$(nix --extra-experimental-features nix-command hash to-sri --type sha256 "$new_hash")"
  27     sed -e "s#$old_hash#$new_hash_sri#" -i pkgs/tools/security/vaultwarden/webvault.nix
  28     nix-update "vaultwarden.webvault" --version "$WEBVAULT_VERSION"
  29   '';
  30 })