diff --git a/scripts/update-ai-mailer-hash b/scripts/update-ai-mailer-hash new file mode 100755 index 0000000..aaabf3f --- /dev/null +++ b/scripts/update-ai-mailer-hash @@ -0,0 +1,130 @@ +#!/usr/bin/env bash +set -euo pipefail + +# Colors for output +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +NC='\033[0m' # No Color + +# Script directory +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +REPO_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)" + +# Check if commit hash is provided +if [ $# -ne 1 ]; then + echo -e "${RED}Error: Commit hash required${NC}" + echo "Usage: $0 " + echo "Example: $0 6de059dca7cc9c053b56f26ff14edb77083fad73" + exit 1 +fi + +COMMIT_HASH="$1" + +# Validate commit hash format (basic check for 40-char hex or 7+ char short hash) +if ! [[ "$COMMIT_HASH" =~ ^[0-9a-f]{7,40}$ ]]; then + echo -e "${RED}Error: Invalid commit hash format${NC}" + echo "Commit hash must be 7-40 hexadecimal characters" + exit 1 +fi + +echo -e "${GREEN}==> Updating ai-mailer to commit: ${COMMIT_HASH}${NC}" + +# File to update +PKG_FILE="$REPO_ROOT/utils/pkgs/ai-mailer.nix" + +if [ ! -f "$PKG_FILE" ]; then + echo -e "${RED}Error: Package file not found: $PKG_FILE${NC}" + exit 1 +fi + +# Step 1: Update rev in package file +echo -e "${YELLOW}Step 1: Updating rev in package file...${NC}" +sed -i "s/rev = \"[0-9a-f]\{7,40\}\";/rev = \"$COMMIT_HASH\";/" "$PKG_FILE" +echo " ✓ Updated rev in $PKG_FILE" + +# Step 2: Set sha256 to lib.fakeHash to trigger hash discovery +echo -e "${YELLOW}Step 2: Setting sha256 to lib.fakeHash...${NC}" +sed -i 's/sha256 = "sha256-[^"]*";/sha256 = lib.fakeHash;/' "$PKG_FILE" +echo " ✓ Updated sha256 in $PKG_FILE" + +# Step 3: Build package to discover the correct source hash +echo -e "${YELLOW}Step 3: Building package to discover source hash...${NC}" +BUILD_OUTPUT=$(NIXPKGS_ALLOW_UNFREE=1 nix-build --impure -E "with import { config.allowUnfree = true; }; callPackage $PKG_FILE { }" 2>&1 || true) + +# Extract source hash from error message +SOURCE_HASH=$(echo "$BUILD_OUTPUT" | grep -oP '\s+got:\s+\Ksha256-[A-Za-z0-9+/=]+' | head -1) + +if [ -z "$SOURCE_HASH" ]; then + echo -e "${RED}Error: Failed to extract source hash from build output${NC}" + echo "Build output:" + echo "$BUILD_OUTPUT" + exit 1 +fi + +echo " ✓ Discovered sha256: $SOURCE_HASH" + +# Step 4: Update package file with the correct source hash +echo -e "${YELLOW}Step 4: Updating sha256 in package file...${NC}" +sed -i "s|sha256 = lib\.fakeHash;|sha256 = \"$SOURCE_HASH\";|" "$PKG_FILE" +echo " ✓ Updated sha256 in $PKG_FILE" + +# Step 5: Set vendorHash to lib.fakeHash to trigger hash discovery +echo -e "${YELLOW}Step 5: Setting vendorHash to lib.fakeHash...${NC}" +sed -i 's/vendorHash = "sha256-[^"]*";/vendorHash = lib.fakeHash;/' "$PKG_FILE" +echo " ✓ Updated vendorHash in $PKG_FILE" + +# Step 6: Build package to discover the correct vendor hash +echo -e "${YELLOW}Step 6: Building package to discover vendor hash...${NC}" +BUILD_OUTPUT=$(NIXPKGS_ALLOW_UNFREE=1 nix-build --impure -E "with import { config.allowUnfree = true; }; callPackage $PKG_FILE { }" 2>&1 || true) + +# Extract vendor hash from error message +VENDOR_HASH=$(echo "$BUILD_OUTPUT" | grep -oP '\s+got:\s+\Ksha256-[A-Za-z0-9+/=]+' | head -1) + +if [ -z "$VENDOR_HASH" ]; then + echo -e "${RED}Error: Failed to extract vendor hash from build output${NC}" + echo "Build output:" + echo "$BUILD_OUTPUT" + exit 1 +fi + +echo " ✓ Discovered vendorHash: $VENDOR_HASH" + +# Step 7: Update package file with the correct vendor hash +echo -e "${YELLOW}Step 7: Updating vendorHash in package file...${NC}" +sed -i "s|vendorHash = lib\.fakeHash;|vendorHash = \"$VENDOR_HASH\";|" "$PKG_FILE" +echo " ✓ Updated vendorHash in $PKG_FILE" + +# Step 8: Verify the build succeeds +echo -e "${YELLOW}Step 8: Verifying build with correct hashes...${NC}" +if NIXPKGS_ALLOW_UNFREE=1 nix-build --impure -E "with import { config.allowUnfree = true; }; callPackage $PKG_FILE { }" > /dev/null 2>&1; then + echo " ✓ Build verification successful" +else + echo -e "${RED}Error: Build verification failed${NC}" + exit 1 +fi + +# Step 9: Test configuration for fw host (which uses ai-mailer) +echo -e "${YELLOW}Step 9: Testing fw configuration...${NC}" +cd "$REPO_ROOT" +if ./scripts/test-configuration fw > /dev/null 2>&1; then + echo " ✓ Configuration test passed" +else + echo -e "${RED}Warning: Configuration test failed${NC}" + echo "This may be due to missing secrets or other issues unrelated to the hash update." +fi + +# Success summary +echo -e "${GREEN}" +echo "======================================" +echo "✓ ai-mailer updated successfully!" +echo "======================================" +echo "Commit: $COMMIT_HASH" +echo "SourceHash: $SOURCE_HASH" +echo "VendorHash: $VENDOR_HASH" +echo -e "${NC}" +echo "Next steps:" +echo " 1. Review changes: git diff $PKG_FILE" +echo " 2. Test locally if needed" +echo " 3. Commit changes: git add $PKG_FILE && git commit -m 'update: ai-mailer to $COMMIT_HASH'" +echo " 4. Push to trigger automatic deployment" diff --git a/utils/pkgs/ai-mailer.nix b/utils/pkgs/ai-mailer.nix index eb10d82..9cefb34 100644 --- a/utils/pkgs/ai-mailer.nix +++ b/utils/pkgs/ai-mailer.nix @@ -6,8 +6,8 @@ buildGoModule rec { src = fetchgit { url = "https://git.cloonar.com/Paraclub/ai-mailer.git"; - rev = "56c9f764fcea2834fefac28f446b86c52f3274bd"; - sha256 = "sha256-zOabK0OWh0iHEL0kMC74i4rYnUlry57dGQE4k/wqDG0="; + rev = "6de059dca7cc9c053b56f26ff14edb77083fad73"; + sha256 = "sha256-EPW0yLu1XHejEsU25ACO5FjxxCneVMlLmy1ZEHYqFtQ="; }; vendorHash = "sha256-h4RaB891GXAkgObZHYil6BOvbYp6yJSRxRj40Fhchmw=";