diff --git a/.dagger/src/blumeops_ci/main.py b/.dagger/src/blumeops_ci/main.py index 641f0db..39c3586 100644 --- a/.dagger/src/blumeops_ci/main.py +++ b/.dagger/src/blumeops_ci/main.py @@ -1,7 +1,7 @@ import dagger from dagger import dag, function, object_type -NIX_IMAGE = "nixos/nix:2.33.3" +NIX_IMAGE = "nixos/nix:2.34.4" @object_type @@ -256,29 +256,52 @@ class BlumeopsCi: @function async def flake_update( - self, src: dagger.Directory, flake_path: str = "nixos/ringtail" + self, + src: dagger.Directory, + flake_path: str = "nixos/ringtail", + skip_inputs: str = "nixpkgs-services", ) -> dagger.File: """Update rolling flake inputs to latest and return updated flake.lock. - Skips nixpkgs-services, which is pinned to a specific commit and should - only be updated deliberately during service reviews. + Dynamically discovers all flake inputs, filters out skip_inputs + (comma-separated), and passes the rest as positional args to + `nix flake update`. This avoids hardcoding input names. + + Args: + src: Source directory containing the flake. + flake_path: Path to the flake within src. + skip_inputs: Comma-separated input names to exclude from update. """ + # nix has no --exclude flag; instead we enumerate inputs via + # `nix flake metadata --json` and pass the ones we want as + # positional args. + update_script = ( + "set -e; " + "SKIP='$SKIP_INPUTS'; " + "ALL=$(nix --extra-experimental-features 'nix-command flakes' " + "flake metadata --json 2>/dev/null " + "| nix-instantiate --eval -E " + '"builtins.concatStringsSep \\" \\" ' + "(builtins.attrNames " + "(builtins.fromJSON (builtins.readFile /dev/stdin))" + '.locks.nodes.root.inputs)" ' + "| tr -d '\"'); " + "INPUTS=''; " + "for i in $ALL; do " + ' case ",$SKIP," in *",$i,"*) continue ;; esac; ' + ' INPUTS="$INPUTS $i"; ' + "done; " + 'echo "Updating inputs:$INPUTS"; ' + 'echo "Skipping: $SKIP"; ' + "nix --extra-experimental-features 'nix-command flakes' " + "flake update $INPUTS --accept-flake-config" + ) return await ( dag.container() .from_(NIX_IMAGE) .with_directory("/workspace", src) .with_workdir(f"/workspace/{flake_path}") - .with_exec( - [ - "nix", - "--extra-experimental-features", - "nix-command flakes", - "flake", - "update", - "--exclude", - "nixpkgs-services", - "--accept-flake-config", - ] - ) + .with_env_variable("SKIP_INPUTS", skip_inputs) + .with_exec(["sh", "-c", update_script]) .file(f"/workspace/{flake_path}/flake.lock") ) diff --git a/docs/changelog.d/+fix-flake-update-pipeline.bugfix.md b/docs/changelog.d/+fix-flake-update-pipeline.bugfix.md new file mode 100644 index 0000000..1ebae57 --- /dev/null +++ b/docs/changelog.d/+fix-flake-update-pipeline.bugfix.md @@ -0,0 +1 @@ +Fix dagger flake-update pipeline: replace nonexistent `--exclude` flag with dynamic input discovery diff --git a/nixos/ringtail/flake.lock b/nixos/ringtail/flake.lock index c7f865c..def21b2 100644 --- a/nixos/ringtail/flake.lock +++ b/nixos/ringtail/flake.lock @@ -27,11 +27,11 @@ ] }, "locked": { - "lastModified": 1774559029, - "narHash": "sha256-deix7yg3j6AhjMPnFDCmWB3f83LsajaaULP5HH2j34k=", + "lastModified": 1775425411, + "narHash": "sha256-KY6HsebJHEe5nHOWP7ur09mb0drGxYSzE3rQxy62rJo=", "owner": "nix-community", "repo": "home-manager", - "rev": "a0bb0d11514f92b639514220114ac8063c72d0a3", + "rev": "0d02ec1d0a05f88ef9e74b516842900c41f0f2fe", "type": "github" }, "original": { @@ -43,11 +43,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1774388614, - "narHash": "sha256-tFwzTI0DdDzovdE9+Ras6CUss0yn8P9XV4Ja6RjA+nU=", + "lastModified": 1775305101, + "narHash": "sha256-/74n1oQPtKG52Yw41cbToxspxHbYz6O3vi+XEw16Qe8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1073dad219cb244572b74da2b20c7fe39cb3fa9e", + "rev": "36a601196c4ebf49e035270e10b2d103fe39076b", "type": "github" }, "original": {