From 5d2968e30df1e33d89f1039ad5b2e6dc4a2ca60d Mon Sep 17 00:00:00 2001
From: Juanjo Presa
Date: Wed, 5 Feb 2025 03:31:10 +0100
Subject: [PATCH] feat: Add package metadata via nvd for Terraform diffs
---
 terraform/nix-build/nix-build.sh | 17 ++++++++++++++++-
 terraform/nixos-rebuild/main.tf | 1 +
 terraform/nixos-rebuild/variables.tf | 6 ++++++
 3 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/terraform/nix-build/nix-build.sh b/terraform/nix-build/nix-build.sh
index d675341f..78f95231 100755
--- a/terraform/nix-build/nix-build.sh
+++ b/terraform/nix-build/nix-build.sh
@@ -39,5 +39,20 @@ else
 # inject `special_args` into nixos config's `specialArgs`
 # shellcheck disable=SC2086
 out=$(nix build --no-link --json ${options} --expr "${nix_expr}" "${config_attribute}")
+ output_path=$(echo "$out" | jq -r '.[].outputs.out')
+ packages_json=$(nvd list --selected --root "$output_path" | awk '
+ BEGIN { first=1; printf "[" }
+ {
+ if (match($0, /^\[I\*\]\s+#([0-9]+)\s+([^ ]+)\s+(.*)$/, arr)) {
+ if (!first) { printf "," }
+ first=0
+ printf "{\"name\": \"%s\", \"versions\": \"%s\"}", arr[2], arr[3]
+ }
+ }
+ END { print "]" }
+ ')
 fi
-printf '%s' "$out" | jq -c '.[].outputs'
+jq -n \
+ --arg out "$output_path" \
+ --arg packages "$packages_json" \
+ '{ "out": $out, "packages": $packages }'
diff --git a/terraform/nixos-rebuild/main.tf b/terraform/nixos-rebuild/main.tf
index ccd36da2..5e4e20a6 100644
--- a/terraform/nixos-rebuild/main.tf
+++ b/terraform/nixos-rebuild/main.tf
@@ -1,6 +1,7 @@
 resource "null_resource" "nixos-rebuild" {
 triggers = {
 store_path = var.nixos_system
+ packages_list = var.nixos_system_packages
 }
 provisioner "local-exec" {
 environment = {
diff --git a/terraform/nixos-rebuild/variables.tf b/terraform/nixos-rebuild/variables.tf
index e560f39a..9822e5ca 100644
--- a/terraform/nixos-rebuild/variables.tf
+++ b/terraform/nixos-rebuild/variables.tf
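Review bot: `output_path` and `packages_json` are assigned only inside the `else` branch, but the new `jq -n` after `fi` reads them unconditionally, so the branch above the hunk (not visible here, presumably also setting `out`) would emit an empty `out` and `packages`. Moving both assignments below `fi` covers both branches. The awk program also depends on gawk-only features (three-argument `match`, `\s`) and prints names and versions into JSON without escaping, so a different awk or an unusual version string produces invalid output. The script already requires jq, which can do the matching and the escaping itself, as sketched below. The `if`/`else` starts outside the hunk, so the placement should be checked against the first branch.

```shell
fi
# … both branches have assigned $out by this point …
output_path=$(printf '%s' "$out" | jq -r '.[].outputs.out')
# jq matches each nvd line and escapes the captured strings; non-matching lines yield nothing
packages_json=$(nvd list --selected --root "$output_path" | jq -R -n -c '
  [ inputs
    | capture("^\\[I\\*\\]\\s+#[0-9]+\\s+(?<name>[^ ]+)\\s+(?<versions>.*)$") ]
')
# … unchanged: final jq -n emitting out and packages …
```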
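Review bot: Adding `packages_list` to `triggers` makes the provisioner re-run whenever the nvd-derived string changes, even when `store_path` is identical, for example after an nvd upgrade that formats its listing differently or when a caller starts or stops passing the variable. If the field is meant only to make plan output readable, a comment should say so, e.g. `# informational: surfaces package versions in the plan; store_path remains the real change signal`. The resource body continues outside the hunk.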
@@ -3,6 +3,12 @@ variable "nixos_system" {
 description = "The nixos system to deploy"
 }

+variable "nixos_system_packages" {
+ type = string
+ description = "The array of nixos system packages to deploy"
+ default = ""
+}
+
 variable "target_host" {
 type = string
 description = "DNS host to deploy to"
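Review bot: The description calls `nixos_system_packages` an array of packages to deploy, but the variable is a `string` and, in this patch, is only used as a trigger value in main.tf while carrying the JSON text produced by nix-build.sh. Wording such as `description = "JSON-encoded list of package names and versions from the nix-build module, used to show package changes in plans"` would match what the code does. The default `""` is also not valid JSON, while the script prints `[]` for an empty list, so any later `jsondecode` of this variable would fail on the default; `default = "[]"` keeps both cases parseable.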