#!/usr/bin/env bash set -euo pipefail # Colors for output RED='\033[0;31m' GREEN='\033[0;32m' YELLOW='\033[1;33m' NC='\033[0m' # No Color # Script directory SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" REPO_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)" # Check if commit hash is provided if [ $# -ne 1 ]; then echo -e "${RED}Error: Commit hash required${NC}" echo "Usage: $0 " echo "Example: $0 6de059dca7cc9c053b56f26ff14edb77083fad73" exit 1 fi COMMIT_HASH="$1" # Validate commit hash format (basic check for 40-char hex or 7+ char short hash) if ! [[ "$COMMIT_HASH" =~ ^[0-9a-f]{7,40}$ ]]; then echo -e "${RED}Error: Invalid commit hash format${NC}" echo "Commit hash must be 7-40 hexadecimal characters" exit 1 fi echo -e "${GREEN}==> Updating ai-mailer to commit: ${COMMIT_HASH}${NC}" # File to update PKG_FILE="$REPO_ROOT/utils/pkgs/ai-mailer.nix" if [ ! -f "$PKG_FILE" ]; then echo -e "${RED}Error: Package file not found: $PKG_FILE${NC}" exit 1 fi # Step 1: Update rev in package file echo -e "${YELLOW}Step 1: Updating rev in package file...${NC}" sed -i "s/rev = \"[0-9a-f]\{7,40\}\";/rev = \"$COMMIT_HASH\";/" "$PKG_FILE" echo " ✓ Updated rev in $PKG_FILE" # Step 2: Set sha256 to lib.fakeHash to trigger hash discovery echo -e "${YELLOW}Step 2: Setting sha256 to lib.fakeHash...${NC}" sed -i 's/sha256 = "sha256-[^"]*";/sha256 = lib.fakeHash;/' "$PKG_FILE" echo " ✓ Updated sha256 in $PKG_FILE" # Step 3: Build package to discover the correct source hash echo -e "${YELLOW}Step 3: Building package to discover source hash...${NC}" BUILD_OUTPUT=$(NIXPKGS_ALLOW_UNFREE=1 nix-build --impure -E "with import { config.allowUnfree = true; }; callPackage $PKG_FILE { }" 2>&1 || true) # Extract source hash from error message SOURCE_HASH=$(echo "$BUILD_OUTPUT" | grep -oP '\s+got:\s+\Ksha256-[A-Za-z0-9+/=]+' | head -1) if [ -z "$SOURCE_HASH" ]; then echo -e "${RED}Error: Failed to extract source hash from build output${NC}" echo "Build output:" echo "$BUILD_OUTPUT" exit 1 fi echo " ✓ Discovered sha256: $SOURCE_HASH" # Step 4: Update package file with the correct source hash echo -e "${YELLOW}Step 4: Updating sha256 in package file...${NC}" sed -i "s|sha256 = lib\.fakeHash;|sha256 = \"$SOURCE_HASH\";|" "$PKG_FILE" echo " ✓ Updated sha256 in $PKG_FILE" # Step 5: Set vendorHash to lib.fakeHash to trigger hash discovery echo -e "${YELLOW}Step 5: Setting vendorHash to lib.fakeHash...${NC}" sed -i 's/vendorHash = "sha256-[^"]*";/vendorHash = lib.fakeHash;/' "$PKG_FILE" echo " ✓ Updated vendorHash in $PKG_FILE" # Step 6: Build package to discover the correct vendor hash echo -e "${YELLOW}Step 6: Building package to discover vendor hash...${NC}" BUILD_OUTPUT=$(NIXPKGS_ALLOW_UNFREE=1 nix-build --impure -E "with import { config.allowUnfree = true; }; callPackage $PKG_FILE { }" 2>&1 || true) # Extract vendor hash from error message VENDOR_HASH=$(echo "$BUILD_OUTPUT" | grep -oP '\s+got:\s+\Ksha256-[A-Za-z0-9+/=]+' | head -1) if [ -z "$VENDOR_HASH" ]; then echo -e "${RED}Error: Failed to extract vendor hash from build output${NC}" echo "Build output:" echo "$BUILD_OUTPUT" exit 1 fi echo " ✓ Discovered vendorHash: $VENDOR_HASH" # Step 7: Update package file with the correct vendor hash echo -e "${YELLOW}Step 7: Updating vendorHash in package file...${NC}" sed -i "s|vendorHash = lib\.fakeHash;|vendorHash = \"$VENDOR_HASH\";|" "$PKG_FILE" echo " ✓ Updated vendorHash in $PKG_FILE" # Step 8: Verify the build succeeds echo -e "${YELLOW}Step 8: Verifying build with correct hashes...${NC}" if NIXPKGS_ALLOW_UNFREE=1 nix-build --impure -E "with import { config.allowUnfree = true; }; callPackage $PKG_FILE { }" > /dev/null 2>&1; then echo " ✓ Build verification successful" else echo -e "${RED}Error: Build verification failed${NC}" exit 1 fi # Step 9: Test configuration for fw host (which uses ai-mailer) echo -e "${YELLOW}Step 9: Testing fw configuration...${NC}" cd "$REPO_ROOT" if ./scripts/test-configuration fw > /dev/null 2>&1; then echo " ✓ Configuration test passed" else echo -e "${RED}Warning: Configuration test failed${NC}" echo "This may be due to missing secrets or other issues unrelated to the hash update." fi # Success summary echo -e "${GREEN}" echo "======================================" echo "✓ ai-mailer updated successfully!" echo "======================================" echo "Commit: $COMMIT_HASH" echo "SourceHash: $SOURCE_HASH" echo "VendorHash: $VENDOR_HASH" echo -e "${NC}" echo "Next steps:" echo " 1. Review changes: git diff $PKG_FILE" echo " 2. Test locally if needed" echo " 3. Commit changes: git add $PKG_FILE && git commit -m 'update: ai-mailer to $COMMIT_HASH'" echo " 4. Push to trigger automatic deployment"