From 03885d7badefb1877341c71935d5a21203081e0c Mon Sep 17 00:00:00 2001
From: Matthew Kenigsberg <matthew@floxdev.com>
Date: Tue, 19 Nov 2024 16:43:47 -0700
Subject: [PATCH] Rework release-script to use GitHub releases

Instead of committing builds of the installer to the prerelease branch
using a cronjob, create draft GitHub releases on workflow dispatch.

The release includes the nix-installer.sh script to allow running
`curl https://github.com/NixOS/experimental-nix-installer/releases/download/v0.27.0/nix-installer.sh | bash`

Or to get the latest release:
`curl https://github.com/NixOS/experimental-nix-installer/releases/latest/download/nix-installer.sh | bash`

Alternatively, binaries for each system can be downloaded from the
release directly.

One downside of this approach is that the version number is hardcoded in
nix-installer.sh, and we'll have to bump it every time we do a release.

The release job will error if there's a rev mismatch between the flake
built by Hydra and the rev the job is run from. This means we'll only be
able to run the job off of main.

For testing, a Hydra eval ID can be specified, which skips the rev check. This
will create a draft release using the artifacts from that Hydra eval even if
there is a revision and/or version mismatch.
---
 .github/workflows/release-script.yml | 17 ++++-----
 assemble_installer.py                | 53 +++++++++++++++++++++++++---
 nix-installer.sh                     |  2 +-
 3 files changed, 56 insertions(+), 16 deletions(-)

diff --git a/.github/workflows/release-script.yml b/.github/workflows/release-script.yml
index e8b326272..7109d348c 100644
--- a/.github/workflows/release-script.yml
+++ b/.github/workflows/release-script.yml
@@ -1,9 +1,11 @@
 name: Generate Installer Script
 
 on:
-  schedule:
-    - cron: '10 * * * *'
   workflow_dispatch: # Allows manual triggering of the workflow
+    inputs:
+      TESTING_HYDRA_EVAL_ID:
+        description: "Eval ID of Hydra job to use artifacts from for testing"
+        default: ""
 
 jobs:
   build:
@@ -13,12 +15,7 @@ jobs:
       uses: actions/checkout@v4
     - uses: cachix/install-nix-action@v25
     - name: Download Installer
+      # The script also depends on gh and git but those are both pre-installed on the runner
       run: nix-shell -p python3Packages.requests --run "python assemble_installer.py" -I nixpkgs=channel:nixos-23.11
-    - uses: stefanzweifel/git-auto-commit-action@v5
-      with:
-        commit_message: "Update installer script"
-        commit_user_name: "GitHub Actions"
-        branch: prerelease
-        # assemble_installer.py already does a fetch and checkout
-        skip_fetch: true
-        skip_checkout: true
+      env:
+        GH_TOKEN: ${{ github.token }}
diff --git a/assemble_installer.py b/assemble_installer.py
index bd19bd359..b5a5cc0c5 100644
--- a/assemble_installer.py
+++ b/assemble_installer.py
@@ -1,11 +1,29 @@
+import os
 import requests
 import subprocess
 import shutil
 import sys
+import tempfile
+import tomllib
 
 response = requests.get('https://hydra.nixos.org/jobset/experimental-nix-installer/experimental-installer/evals', headers={'Accept': 'application/json'})
 
-hydra_eval = response.json()['evals'][0]
+evals = response.json()['evals']
+eval_id = int(os.getenv("TESTING_HYDRA_EVAL_ID"))
+if eval_id is not None:
+    ids = [eval['id'] for eval in evals]
+    hydra_eval = next( eval for eval in evals if eval['id'] == eval_id )
+else:
+    hydra_eval = evals[0]
+
+    rev = subprocess.run(
+        ["git", "rev-parse", "HEAD"], stdout=subprocess.PIPE, check=True, text=True
+    ).stdout.strip()
+
+    if not rev in hydra_eval["flake"]:
+        raise RuntimeError(
+            f"Expected flake with rev {rev} but found flake {hydra_eval['flake']}"
+        )
 
 installers = []
 
@@ -22,10 +40,35 @@
             subprocess.call(f"nix-store -r {installer_url}", shell=True)
         installers.append((installer_url, system))
     else:
+        print(
+            f"Build {build_id} not finished. Check status at https://hydra.nixos.org/eval/{hydra_eval['id']}#tabs-unfinished"
+        )
         sys.exit(0)
 
-subprocess.run(["git", "fetch", "origin", "prerelease"], check=True)
-subprocess.run(["git", "checkout", "-b", "prerelease", "origin/prerelease"], check=True)
+with open("Cargo.toml", "rb") as f:
+    cargo_toml = tomllib.load(f)
+version = cargo_toml["package"]["version"]
 
-for installer_url, system in installers:
-    shutil.copy(f"{installer_url}/bin/nix-installer", f"nix-installer-{system}")
+with tempfile.TemporaryDirectory() as tmpdirname:
+    release_files = []
+    for installer_url, system in installers:
+        installer_file = f"{tmpdirname}/nix-installer-{system}"
+        release_files.append(installer_file)
+        print(f"Copying {installer_url} to {installer_file}")
+        shutil.copy(f"{installer_url}/bin/nix-installer", installer_file)
+    release_files.append("nix-installer.sh")
+    subprocess.run(
+        [
+            "gh",
+            "release",
+            "create",
+            "--notes",
+            f"Release experimental nix installer v{version}",
+            "--title",
+            f"v{version}",
+            "--draft",
+            version,
+            *release_files,
+        ],
+        check=True,
+    )
diff --git a/nix-installer.sh b/nix-installer.sh
index 97144a5df..390a8a807 100755
--- a/nix-installer.sh
+++ b/nix-installer.sh
@@ -25,7 +25,7 @@ fi
 set -u
 
 # If NIX_INSTALLER_FORCE_ALLOW_HTTP is unset or empty, default it.
-NIX_INSTALLER_BINARY_ROOT="${NIX_INSTALLER_BINARY_ROOT:-https://raw.githubusercontent.com/NixOS/experimental-nix-installer/prerelease}"
+NIX_INSTALLER_BINARY_ROOT="${NIX_INSTALLER_BINARY_ROOT:-https://github.com/NixOS/experimental-nix-installer/releases/download/0.27.0}"
 
 main() {
     downloader --check