From e6c0a0604776de02338fd1426f6af874157e2f88 Mon Sep 17 00:00:00 2001 From: schickling-assistant <261620128+schickling-assistant@users.noreply.github.com> Date: Fri, 8 May 2026 13:43:55 +0200 Subject: [PATCH] Remove nix hash refresh tasks --- README.md | 4 +- .../dashboards/dt-duration-trends.jsonnet | 3 +- nix/devenv-modules/tasks/README.md | 2 +- nix/devenv-modules/tasks/shared/nix-cli.nix | 318 +----------- nix/devenv-modules/tasks/shared/pnpm.nix | 2 +- .../tasks/shared/tests/nix-cli-hash.test.sh | 488 ------------------ .../tests/nix-cli-no-hash-refresh.test.sh | 21 + nix/opentui-core-native.nix | 13 +- nix/workspace-tools/docs/mk-bun-cli.md | 2 +- nix/workspace-tools/lib/mk-bun-cli.nix | 2 +- .../lib/mk-bun-cli/bun-deps.nix | 2 +- packages/@overeng/genie/README.md | 2 +- packages/@overeng/genie/nix/build.nix | 2 +- packages/@overeng/megarepo/nix/build.nix | 2 +- packages/@overeng/notion-cli/nix/build.nix | 2 +- packages/@overeng/tui-stories/nix/build.nix | 2 +- 16 files changed, 52 insertions(+), 815 deletions(-) delete mode 100755 nix/devenv-modules/tasks/shared/tests/nix-cli-hash.test.sh create mode 100755 nix/devenv-modules/tasks/shared/tests/nix-cli-no-hash-refresh.test.sh diff --git a/README.md b/README.md index ad514c6db..db3254b88 100644 --- a/README.md +++ b/README.md @@ -123,8 +123,8 @@ dt nix:check After `pnpm-lock.yaml` changes: ```bash -dt nix:hash:genie -dt nix:hash +refresh Nix FOD hashes for genie +refresh all stale Nix FOD hashes with your repo workflow ``` ## Quick Start diff --git a/nix/devenv-modules/otel/dashboards/dt-duration-trends.jsonnet b/nix/devenv-modules/otel/dashboards/dt-duration-trends.jsonnet index 7d56cad41..979d41451 100644 --- a/nix/devenv-modules/otel/dashboards/dt-duration-trends.jsonnet +++ b/nix/devenv-modules/otel/dashboards/dt-duration-trends.jsonnet @@ -14,7 +14,7 @@ // - lint:check (linting) // - test:run (test execution) // - mr:fetch-apply (repo synchronization) -// - nix:build, nix:check, nix:hash (Nix operations) +// - nix:build, nix:check (Nix operations) // - tsc per-project breakdown (from extendedDiagnostics spans) local g = import 'g.libsonnet'; local lib = import 'lib.libsonnet'; @@ -280,7 +280,6 @@ g.dashboard.new('dt Task Duration Trends') ), at( - taskDurationPanel('nix:hash:* (p50 / p95 / p99)', 'nix:hash:.*'), 16, y.nixContent, 8, 8, ), diff --git a/nix/devenv-modules/tasks/README.md b/nix/devenv-modules/tasks/README.md index fd185b592..5fbdfe23f 100644 --- a/nix/devenv-modules/tasks/README.md +++ b/nix/devenv-modules/tasks/README.md @@ -36,7 +36,7 @@ imports = [ flaky "File not found" errors when pnpm is concurrently mutating/symlinking `node_modules` during CI. - `megarepo.nix` - Megarepo workspace tasks -- `nix-cli.nix` - Nix CLI build tasks (nix:hash, nix:build, nix:flake:check) +- `nix-cli.nix` - Nix CLI build/check tasks - `pnpm.nix` - pnpm install tasks - `setup.nix` - Setup tasks - `test.nix` - Test tasks diff --git a/nix/devenv-modules/tasks/shared/nix-cli.nix b/nix/devenv-modules/tasks/shared/nix-cli.nix index ac3484250..0256635bb 100644 --- a/nix/devenv-modules/tasks/shared/nix-cli.nix +++ b/nix/devenv-modules/tasks/shared/nix-cli.nix @@ -1,4 +1,4 @@ -# Nix CLI build, hash management, and flake validation tasks +# Nix CLI build, FOD validation, and flake validation tasks # # Usage in devenv.nix: # imports = [ @@ -15,8 +15,6 @@ # ]; # # Provides: -# - nix:hash - Update all hashes (pnpmDepsHash + lockfileHash + packageJsonDepsHash) for all CLI packages -# - nix:hash: - Update all hashes for specific package # - nix:build - Build all CLI packages # - nix:build: - Build specific package # - nix:check - Check if any CLI hashes are stale (full build per package) @@ -78,283 +76,6 @@ let fi fi } - - update_hash_in_file() { - local hashKey="$1" - local newValue="$2" - local hashSourcePath="$3" - local packageName="$4" - - export HASH_KEY="$hashKey" - export HASH_VALUE="$newValue" - export PKG_NAME="$packageName" - - if grep -qE "(^|[[:space:]])(\"$packageName\"|$packageName)\\s*=" "$hashSourcePath"; then - ${pkgs.perl}/bin/perl -0777 -i -pe ' - my $pkg = $ENV{"PKG_NAME"}; - my $key = $ENV{"HASH_KEY"}; - my $val = $ENV{"HASH_VALUE"}; - my $attr = qr/(?:\Q$pkg\E|"\Q$pkg\E")/; - - if (/($attr\s*=\s*\{.*?\b\Q$key\E\s*=\s*)"sha256-[^"]+"/s) { - s/($attr\s*=\s*\{.*?\b\Q$key\E\s*=\s*)"sha256-[^"]+"/$1"$val"/s; - } else { - die "Could not find scoped hash $key for package $pkg in $ARGV\n"; - } - ' "$hashSourcePath" - return - fi - - if grep -qE "$hashKey\s*=\s*if\s+pkgs\.stdenv\.isDarwin" "$hashSourcePath"; then - if [[ "$(uname -s)" == "Darwin" ]]; then - echo " (platform-specific: updating Darwin/then branch)" - ${pkgs.perl}/bin/perl -0777 -i -pe ' - my $key = $ENV{"HASH_KEY"}; - my $val = $ENV{"HASH_VALUE"}; - s/(\b\Q$key\E\s*=\s*if\s+pkgs\.stdenv\.isDarwin\s+then\s+)"sha256-[^"]+"/$1"$val"/gs; - ' "$hashSourcePath" - else - echo " (platform-specific: updating Linux/else branch)" - ${pkgs.perl}/bin/perl -0777 -i -pe ' - my $key = $ENV{"HASH_KEY"}; - my $val = $ENV{"HASH_VALUE"}; - s/(\b\Q$key\E\s*=\s*if\s+pkgs\.stdenv\.isDarwin\s+then\s+"sha256-[^"]+"\s+else\s+)"sha256-[^"]+"/$1"$val"/gs; - ' "$hashSourcePath" - fi - else - if [ "$hashKey" = "bunDepsHash" ] || [ "$hashKey" = "pnpmDepsHash" ]; then - if ${pkgs.perl}/bin/perl -0777 -ne ' - exit 0 if /depsBuilds\s*=\s*\{.*?"\."\s*=\s*\{.*?\bhash\s*=\s*(?:"sha256-[^"]+"|pkgs\.lib\.fakeHash|lib\.fakeHash)/s; - exit 1; - ' "$hashSourcePath"; then - ${pkgs.perl}/bin/perl -0777 -i -pe ' - my $val = $ENV{"HASH_VALUE"}; - s/(depsBuilds\s*=\s*\{.*?"\."\s*=\s*\{.*?\bhash\s*=\s*)(?:"sha256-[^"]+"|pkgs\.lib\.fakeHash|lib\.fakeHash)/$1 . qq{"$val"}/se; - ' "$hashSourcePath" - return - fi - fi - - ${pkgs.perl}/bin/perl -0777 -i -pe ' - my $key = $ENV{"HASH_KEY"}; - my $val = $ENV{"HASH_VALUE"}; - s/\b\Q$key\E\s*=\s*"sha256-[^"]+"/$key = "$val"/g; - ' "$hashSourcePath" - fi - } - ''; - # Script to update all hashes in the declared hashSource file - # Handles pnpmDepsHash/bunDepsHash, lockfileHash, and packageJsonDepsHash - # Iteratively updates hashes until build succeeds - updateHashScript = pkgs.writeShellScript "update-all-hashes" '' - set -euo pipefail - - flakeRef="$1" - hashSource="$2" - name="$3" - lockfile="$4" - packageJson="''${5-}" - - FAKE_HASH="sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" - MAX_ITERATIONS=20 - - ${hashSourceHelpers} - - # Helper to update lockfileHash and packageJsonDepsHash in the hash source - update_fingerprint_hashes() { - if [ -n "$lockfile" ] && [ -f "$lockfile" ]; then - # Update lockfileHash - newLockfileHash="sha256-$(${pkgs.nix}/bin/nix-hash --type sha256 --base64 "$lockfile")" - if [ -n "$(read_hash_from_file "lockfileHash" "$hashSource" "$name")" ]; then - update_hash_in_file "lockfileHash" "$newLockfileHash" "$hashSource" "$name" - echo "Updated lockfileHash to $newLockfileHash" - fi - - # Update packageJsonDepsHash (package.json deps fingerprint) - if [ -z "$packageJson" ]; then - packageJson="$(dirname "$lockfile")/package.json" - fi - if [ -f "$packageJson" ] && [ -n "$(read_hash_from_file "packageJsonDepsHash" "$hashSource" "$name")" ]; then - tmpDeps=$(mktemp) - ${pkgs.jq}/bin/jq -cS '{dependencies, devDependencies, peerDependencies}' "$packageJson" > "$tmpDeps" - newPackageJsonDepsHash="sha256-$(${pkgs.nix}/bin/nix-hash --type sha256 --base64 "$tmpDeps")" - rm "$tmpDeps" - update_hash_in_file "packageJsonDepsHash" "$newPackageJsonDepsHash" "$hashSource" "$name" - echo "Updated packageJsonDepsHash to $newPackageJsonDepsHash" - fi - fi - } - - extract_got_hash() { - echo "$1" | grep -oE 'got:\s+sha256-[A-Za-z0-9+/=]+' | grep -oE 'sha256-[A-Za-z0-9+/=]+' | head -1 || true - } - - extract_actual_hash() { - echo "$1" | grep -oE 'actual:\s+sha256-[A-Za-z0-9+/=]+' | grep -oE 'sha256-[A-Za-z0-9+/=]+' | head -1 || true - } - - extract_hash_mismatches() { - printf '%s\n' "$1" | ${pkgs.perl}/bin/perl -ne ' - if (/hash mismatch in fixed-output derivation \x27([^\x27]+)\x27/) { - $drv = $1; - next; - } - if (defined $drv && /got:\s+(sha256-[A-Za-z0-9+\/=]+)/) { - print "$drv\t$1\n"; - undef $drv; - } - ' - } - - local_dep_dir_from_drv_path() { - local drvPath="$1" - local encodedDir - - encodedDir=$(printf '%s\n' "$drvPath" | grep -oE "packages-[a-zA-Z0-9_-]+-pnpm-deps" | head -1 | ${pkgs.gnused}/bin/sed 's/-pnpm-deps$//' || true) - if [ -z "$encodedDir" ]; then - return 0 - fi - - printf '%s\n' "$encodedDir" | ${pkgs.gnused}/bin/sed 's/--/\/@/g; s/-/\//g' - } - - echo "Checking $name ($flakeRef)..." - - update_fingerprint_hashes - - echo "Some hashes are stale, updating..." - - # Determine the main hash key (bunDepsHash or pnpmDepsHash) - mainHashKey="bunDepsHash" - if [ -n "$(read_hash_from_file "pnpmDepsHash" "$hashSource" "$name")" ]; then - mainHashKey="pnpmDepsHash" - fi - - currentMainHash="$(read_hash_from_file "$mainHashKey" "$hashSource" "$name")" - restoreMainHashOnExit=false - success=false - - restore_main_hash() { - if [ "$restoreMainHashOnExit" != true ] || [ "$success" = true ]; then - return - fi - - if [ -n "$currentMainHash" ] && [ "$currentMainHash" != "$FAKE_HASH" ]; then - echo "Restoring $mainHashKey to $currentMainHash" - update_hash_in_file "$mainHashKey" "$currentMainHash" "$hashSource" "$name" - fi - } - - trap restore_main_hash EXIT - - if [ -n "$currentMainHash" ] && [ "$currentMainHash" != "$FAKE_HASH" ]; then - echo "Resetting $mainHashKey to trigger a fresh fixed-output hash check..." - update_hash_in_file "$mainHashKey" "$FAKE_HASH" "$hashSource" "$name" - restoreMainHashOnExit=true - fi - - updated_any=false - iteration=0 - - while [ $iteration -lt $MAX_ITERATIONS ]; do - iteration=$((iteration + 1)) - echo "" - echo "=== Iteration $iteration ===" - - set +e - output=$(${pkgs.nix}/bin/nix build "$flakeRef" --no-link --keep-going --option substituters "https://cache.nixos.org" 2>&1) - status=$? - set -e - - if [ $status -eq 0 ]; then - echo "" - if [ "$updated_any" = true ]; then - echo "✓ $name: all hashes updated successfully" - else - echo "✓ $name: all hashes up to date" - fi - update_fingerprint_hashes - success=true - exit 0 - fi - - hashMismatches=$(extract_hash_mismatches "$output") - actualHash=$(extract_actual_hash "$output") - - if [ -n "$actualHash" ] && [ -n "$(read_hash_from_file "lockfileHash" "$hashSource" "$name")" ]; then - update_hash_in_file "lockfileHash" "$actualHash" "$hashSource" "$name" - echo "Updated lockfileHash to $actualHash" - updated_any=true - continue - fi - - if [ -z "$hashMismatches" ]; then - # No hash mismatch found - check for stale pnpm dependency preparation. - # This happens when pnpm-lock.yaml changed but the old hash still "works" - # long enough for pnpm to fail while materializing the prepared tree. - if echo "$output" | grep -qiE "ERR_PNPM_NO_OFFLINE_TARBALL|ERR_PNPM_TARBALL_INTEGRITY|lockfile:.*manifest:"; then - echo "Detected stale pnpmDepsHash (prepared pnpm install tree is stale)" - echo "Resetting $mainHashKey to trigger complete re-materialization..." - - # Set fake hash to force Nix to re-fetch and report correct hash - update_hash_in_file "$mainHashKey" "$FAKE_HASH" "$hashSource" "$name" - - updated_any=true - continue # Next iteration will get the correct hash from mismatch error - fi - - # Genuine build failure - not a hash issue - echo "✗ $name: build failed but no hash mismatch found" - echo "$output" - exit 1 - fi - - seenTargets=$(mktemp) - while IFS=$'\t' read -r mismatchDrv mismatchHash; do - if [ -z "$mismatchDrv" ] || [ -z "$mismatchHash" ]; then - continue - fi - - localDepDir=$(local_dep_dir_from_drv_path "$mismatchDrv") - if [ -n "$localDepDir" ]; then - target="local:$localDepDir" - if grep -Fxq "$target" "$seenTargets"; then - continue - fi - echo "$target" >> "$seenTargets" - - echo "Updating localDeps hash for $localDepDir to $mismatchHash..." - - export LOCAL_DEP_DIR="$localDepDir" - export NEW_HASH="$mismatchHash" - ${pkgs.perl}/bin/perl -0777 -i -pe ' - my $dir = $ENV{"LOCAL_DEP_DIR"}; - my $hash = $ENV{"NEW_HASH"}; - s/(\{\s*dir\s*=\s*"\Q$dir\E"\s*;\s*hash\s*=\s*)"sha256-[^"]+"/$1"$hash"/g; - ' "$hashSource" - - updated_any=true - continue - fi - - target="main" - if grep -Fxq "$target" "$seenTargets"; then - continue - fi - echo "$target" >> "$seenTargets" - - echo "Updating $mainHashKey to $mismatchHash..." - update_hash_in_file "$mainHashKey" "$mismatchHash" "$hashSource" "$name" - restoreMainHashOnExit=false - updated_any=true - done < "$tmpfile" << 'EOF' -{ pkgs }: -{ - pnpmDepsHash = "sha256-OLDHASH123456789012345678901234567890123="; - lockfileHash = "sha256-LOCKFILE12345678901234567890123456789012="; -} -EOF - -update_hash_in_file "pnpmDepsHash" "sha256-NEWHASH999999999999999999999999999999999=" "$tmpfile" - -if grep -q 'pnpmDepsHash = "sha256-NEWHASH999999999999999999999999999999999="' "$tmpfile"; then - echo " ✓ Simple hash update works" -else - echo " ✗ Simple hash update failed" - cat "$tmpfile" - rm "$tmpfile" - exit 1 -fi - -# Verify lockfileHash wasn't touched -if grep -q 'lockfileHash = "sha256-LOCKFILE12345678901234567890123456789012="' "$tmpfile"; then - echo " ✓ Other hashes preserved" -else - echo " ✗ Other hashes were incorrectly modified" - cat "$tmpfile" - rm "$tmpfile" - exit 1 -fi -rm "$tmpfile" - -# Test 3: Nested depsBuilds main hash pattern -echo "Testing nested depsBuilds main hash pattern..." -tmpfile=$(mktemp) -cat > "$tmpfile" << 'EOF' -{ pkgs }: -{ - depsBuilds = { - "." = { - hash = "sha256-OLDHASH123456789012345678901234567890123="; - }; - }; -} -EOF - -update_hash_in_file "pnpmDepsHash" "sha256-NESTEDHASH999999999999999999999999999999=" "$tmpfile" - -if grep -q 'hash = "sha256-NESTEDHASH999999999999999999999999999999="' "$tmpfile"; then - echo " ✓ Nested depsBuilds hash update works" -else - echo " ✗ Nested depsBuilds hash update failed" - cat "$tmpfile" - rm "$tmpfile" - exit 1 -fi -rm "$tmpfile" - -# Test 2: Platform-specific hash pattern -echo "Testing platform-specific hash pattern..." -tmpfile=$(mktemp) -cat > "$tmpfile" << 'EOF' -{ pkgs }: -{ - pnpmDepsHash = if pkgs.stdenv.isDarwin - then "sha256-DARWINHASH1234567890123456789012345678901=" - else "sha256-LINUXHASH12345678901234567890123456789012="; - lockfileHash = "sha256-LOCKFILE12345678901234567890123456789012="; -} -EOF - -NEW_HASH="sha256-UPDATEDHASH9999999999999999999999999999999=" -update_hash_in_file "pnpmDepsHash" "$NEW_HASH" "$tmpfile" - -if [[ "$(uname -s)" == "Darwin" ]]; then - # On Darwin, should update the "then" branch - if grep -q "then \"$NEW_HASH\"" "$tmpfile"; then - echo " ✓ Darwin hash updated correctly" - else - echo " ✗ Darwin hash update failed" - cat "$tmpfile" - rm "$tmpfile" - exit 1 - fi - # Linux hash should be unchanged - if grep -q 'else "sha256-LINUXHASH12345678901234567890123456789012="' "$tmpfile"; then - echo " ✓ Linux hash preserved" - else - echo " ✗ Linux hash was incorrectly modified" - cat "$tmpfile" - rm "$tmpfile" - exit 1 - fi -else - # On Linux, should update the "else" branch - if grep -q "else \"$NEW_HASH\"" "$tmpfile"; then - echo " ✓ Linux hash updated correctly" - else - echo " ✗ Linux hash update failed" - cat "$tmpfile" - rm "$tmpfile" - exit 1 - fi - # Darwin hash should be unchanged - if grep -q 'then "sha256-DARWINHASH1234567890123456789012345678901="' "$tmpfile"; then - echo " ✓ Darwin hash preserved" - else - echo " ✗ Darwin hash was incorrectly modified" - cat "$tmpfile" - rm "$tmpfile" - exit 1 - fi -fi - -# Verify lockfileHash wasn't touched -if grep -q 'lockfileHash = "sha256-LOCKFILE12345678901234567890123456789012="' "$tmpfile"; then - echo " ✓ lockfileHash preserved" -else - echo " ✗ lockfileHash was incorrectly modified" - cat "$tmpfile" - rm "$tmpfile" - exit 1 -fi -rm "$tmpfile" - -# Test 3: Platform-specific with different formatting (single line) -echo "Testing platform-specific hash (compact format)..." -tmpfile=$(mktemp) -cat > "$tmpfile" << 'EOF' -{ pkgs }: -{ - pnpmDepsHash = if pkgs.stdenv.isDarwin then "sha256-DARWIN123456789012345678901234567890123=" else "sha256-LINUX1234567890123456789012345678901234="; -} -EOF - -update_hash_in_file "pnpmDepsHash" "sha256-COMPACT9999999999999999999999999999999999=" "$tmpfile" - -if [[ "$(uname -s)" == "Darwin" ]]; then - if grep -q 'then "sha256-COMPACT9999999999999999999999999999999999="' "$tmpfile"; then - echo " ✓ Compact Darwin hash updated" - else - echo " ✗ Compact Darwin hash update failed" - cat "$tmpfile" - rm "$tmpfile" - exit 1 - fi -else - if grep -q 'else "sha256-COMPACT9999999999999999999999999999999999="' "$tmpfile"; then - echo " ✓ Compact Linux hash updated" - else - echo " ✗ Compact Linux hash update failed" - cat "$tmpfile" - rm "$tmpfile" - exit 1 - fi -fi -rm "$tmpfile" - -# Test 4: Real-world format (with comments, like genie's build.nix) -echo "Testing real-world format with comments..." -tmpfile=$(mktemp) -cat > "$tmpfile" << 'EOF' -{ pkgs, src, gitRev ? "unknown", commitTs ? 0, dirty ? false }: - -let - mkPnpmCli = import ../../../../nix/workspace-tools/lib/mk-pnpm-cli.nix { inherit pkgs; }; - packageJsonDepsHash = "sha256-PACKAGEJSON12345678901234567890123456789="; - unwrapped = mkPnpmCli { - name = "genie-unwrapped"; - entry = "packages/@overeng/genie/bin/genie.tsx"; - # Platform-specific hash: fetchPnpmDeps only fetches native binaries for the current platform. - # Each platform produces different hashes due to platform-specific optional dependencies - # (e.g., @esbuild/darwin-arm64 vs @esbuild/linux-x64). - pnpmDepsHash = if pkgs.stdenv.isDarwin - then "sha256-OLDDDDDARWIN123456789012345678901234567890=" - else "sha256-OLDDDDDLINUX1234567890123456789012345678901="; - lockfileHash = "sha256-LOCKFILE12345678901234567890123456789012="; - inherit gitRev commitTs dirty; - }; -in -pkgs.runCommand "genie" {} "" -EOF - -update_hash_in_file "pnpmDepsHash" "sha256-REALWORLD99999999999999999999999999999999=" "$tmpfile" - -if [[ "$(uname -s)" == "Darwin" ]]; then - if grep -q 'then "sha256-REALWORLD99999999999999999999999999999999="' "$tmpfile"; then - echo " ✓ Real-world Darwin hash updated" - else - echo " ✗ Real-world Darwin hash update failed" - cat "$tmpfile" - rm "$tmpfile" - exit 1 - fi - if grep -q 'else "sha256-OLDDDDDLINUX1234567890123456789012345678901="' "$tmpfile"; then - echo " ✓ Real-world Linux hash preserved" - else - echo " ✗ Real-world Linux hash was incorrectly modified" - cat "$tmpfile" - rm "$tmpfile" - exit 1 - fi -else - if grep -q 'else "sha256-REALWORLD99999999999999999999999999999999="' "$tmpfile"; then - echo " ✓ Real-world Linux hash updated" - else - echo " ✗ Real-world Linux hash update failed" - cat "$tmpfile" - rm "$tmpfile" - exit 1 - fi - if grep -q 'then "sha256-OLDDDDDARWIN123456789012345678901234567890="' "$tmpfile"; then - echo " ✓ Real-world Darwin hash preserved" - else - echo " ✗ Real-world Darwin hash was incorrectly modified" - cat "$tmpfile" - rm "$tmpfile" - exit 1 - fi -fi - -# Verify other hashes weren't touched -if grep -q 'lockfileHash = "sha256-LOCKFILE12345678901234567890123456789012="' "$tmpfile" && \ - grep -q 'packageJsonDepsHash = "sha256-PACKAGEJSON12345678901234567890123456789="' "$tmpfile"; then - echo " ✓ Other hashes preserved" -else - echo " ✗ Other hashes were incorrectly modified" - cat "$tmpfile" - rm "$tmpfile" - exit 1 -fi -rm "$tmpfile" - -echo "" -echo "Testing multi-mismatch updates..." -tmpfile=$(mktemp) -cat > "$tmpfile" << 'EOF' -{ pkgs }: -{ - pnpmDepsHash = "sha256-OLDMAIN1234567890123456789012345678901234="; - localDeps = [ - { dir = "packages/@overeng/utils"; hash = "sha256-OLDUTILS12345678901234567890123456789012="; } - { dir = "packages/@overeng/megarepo"; hash = "sha256-OLDMEGAREPO1234567890123456789012345678="; } - ]; -} -EOF - -seen_targets=$(mktemp) -while IFS=$'\t' read -r mismatch_drv mismatch_hash; do - [ -n "$mismatch_drv" ] || continue - [ -n "$mismatch_hash" ] || continue - - local_dep_dir=$(local_dep_dir_from_drv_path "$mismatch_drv") - if [ -n "$local_dep_dir" ]; then - target="local:$local_dep_dir" - if grep -Fxq "$target" "$seen_targets"; then - continue - fi - echo "$target" >> "$seen_targets" - - export LOCAL_DEP_DIR="$local_dep_dir" - export NEW_HASH="$mismatch_hash" - perl -0777 -i -pe ' - my $dir = $ENV{"LOCAL_DEP_DIR"}; - my $hash = $ENV{"NEW_HASH"}; - s/(\{\s*dir\s*=\s*"\Q$dir\E"\s*;\s*hash\s*=\s*)"sha256-[^"]+"/$1"$hash"/g; - ' "$tmpfile" - continue - fi - - target="main" - if grep -Fxq "$target" "$seen_targets"; then - continue - fi - echo "$target" >> "$seen_targets" - update_hash_in_file "pnpmDepsHash" "$mismatch_hash" "$tmpfile" -done <&2 fi -echo "mk-bun-cli: bunDepsHash may be stale; update it (dt nix:hash:${name})" >&2 +echo "mk-bun-cli: bunDepsHash may be stale; refresh Nix FOD hashes for ${name}" >&2 ``` - **Fast dirty dependency resolution**: dirty builds avoid symlinking the full diff --git a/nix/workspace-tools/lib/mk-bun-cli.nix b/nix/workspace-tools/lib/mk-bun-cli.nix index d1317966d..598d8e543 100644 --- a/nix/workspace-tools/lib/mk-bun-cli.nix +++ b/nix/workspace-tools/lib/mk-bun-cli.nix @@ -213,7 +213,7 @@ pkgs.stdenv.mkDerivation { echo "│ ${lockFileName} has changed since the dependency cache was built.│" >&2 echo "│ This can cause mysterious build failures with wrong versions. │" >&2 echo "│ │" >&2 - echo "│ Run: dt nix:hash:${name} │" >&2 + echo "│ Refresh Nix FOD hashes for ${name} │" >&2 echo "└──────────────────────────────────────────────────────────────────┘" >&2 echo "" >&2 exit 1 diff --git a/nix/workspace-tools/lib/mk-bun-cli/bun-deps.nix b/nix/workspace-tools/lib/mk-bun-cli/bun-deps.nix index e3eecdd29..d63c5e0fc 100644 --- a/nix/workspace-tools/lib/mk-bun-cli/bun-deps.nix +++ b/nix/workspace-tools/lib/mk-bun-cli/bun-deps.nix @@ -111,7 +111,7 @@ else if grep -q "lockfile had changes" "$install_log"; then echo "mk-bun-cli: ${lockFileName} changed while deps hash is frozen" >&2 fi - echo "mk-bun-cli: deps hash may be stale; update it (dt nix:hash:${name})" >&2 + echo "mk-bun-cli: deps hash may be stale; refresh Nix FOD hashes for ${name}" >&2 exit 1 fi } diff --git a/packages/@overeng/genie/README.md b/packages/@overeng/genie/README.md index f406c3ddb..da25fea77 100644 --- a/packages/@overeng/genie/README.md +++ b/packages/@overeng/genie/README.md @@ -63,7 +63,7 @@ in dt nix:build:genie # After repo-root pnpm-lock.yaml changes (updates dependency hash) -dt nix:hash:genie +refresh Nix FOD hashes for genie with the repo workflow # Build all CLI packages (optional) dt nix:build diff --git a/packages/@overeng/genie/nix/build.nix b/packages/@overeng/genie/nix/build.nix index f764e8745..d62b721b3 100644 --- a/packages/@overeng/genie/nix/build.nix +++ b/packages/@overeng/genie/nix/build.nix @@ -22,7 +22,7 @@ let binaryName = "genie"; packageDir = "packages/@overeng/genie"; workspaceRoot = src; - # Managed by `dt nix:hash:genie` — do not edit manually. + # Managed by the repo FOD refresh workflow — do not edit manually. depsBuilds = { "." = { hash = "sha256-gvNaFg6BvYxKeG4veyeANwfDqltTXS43trSuJpm9r44="; diff --git a/packages/@overeng/megarepo/nix/build.nix b/packages/@overeng/megarepo/nix/build.nix index 11e7696ef..a13795ca4 100644 --- a/packages/@overeng/megarepo/nix/build.nix +++ b/packages/@overeng/megarepo/nix/build.nix @@ -21,7 +21,7 @@ let binaryName = "mr"; packageDir = "packages/@overeng/megarepo"; workspaceRoot = src; - # Managed by `dt nix:hash:megarepo` — do not edit manually. + # Managed by the repo FOD refresh workflow — do not edit manually. depsBuilds = { "." = { hash = "sha256-3CS4PQWD2EcV0TUWWnhH4iM73XaymhYbz8/PlMZQgk4="; diff --git a/packages/@overeng/notion-cli/nix/build.nix b/packages/@overeng/notion-cli/nix/build.nix index abb718ca0..6c838a3de 100644 --- a/packages/@overeng/notion-cli/nix/build.nix +++ b/packages/@overeng/notion-cli/nix/build.nix @@ -18,7 +18,7 @@ let binaryName = "notion"; packageDir = "packages/@overeng/notion-cli"; workspaceRoot = src; - # Managed by `dt nix:hash:notion-cli` — do not edit manually. + # Managed by the repo FOD refresh workflow — do not edit manually. depsBuilds = { "." = { hash = "sha256-XXK2ihjQfTtOa8FSqWkcUugDpnKQic7Ra/X0CCRjGao="; diff --git a/packages/@overeng/tui-stories/nix/build.nix b/packages/@overeng/tui-stories/nix/build.nix index 657997e50..814bf0d83 100644 --- a/packages/@overeng/tui-stories/nix/build.nix +++ b/packages/@overeng/tui-stories/nix/build.nix @@ -18,7 +18,7 @@ let binaryName = "tui-stories"; packageDir = "packages/@overeng/tui-stories"; workspaceRoot = src; - # Managed by `dt nix:hash:tui-stories` — do not edit manually. + # Managed by the repo FOD refresh workflow — do not edit manually. depsBuilds = { "." = { hash = "sha256-arpU/d9vFOKJ8wif82Ki6cOmfaMeZNbxBNJfTN66R/U=";