// SPDX-FileCopyrightText: 2020 Serokell
//
// SPDX-License-Identifier: MPL-2.0
use std::process::Stdio;
use tokio::process::Command;
use thiserror::Error;
#[derive(Error, Debug)]
pub enum PushProfileError {
#[error("Failed to calculate activate bin path from deploy bin path: {0}")]
DeployPathToActivatePathError(#[from] super::DeployPathToActivatePathError),
#[error("Failed to run Nix build command: {0}")]
BuildError(std::io::Error),
#[error("Nix build command resulted in a bad exit code: {0:?}")]
BuildExitError(Option),
#[error("Failed to run Nix sign command: {0}")]
SignError(std::io::Error),
#[error("Nix sign command resulted in a bad exit code: {0:?}")]
SignExitError(Option),
#[error("Failed to run Nix copy command: {0}")]
CopyError(std::io::Error),
#[error("Nix copy command resulted in a bad exit code: {0:?}")]
CopyExitError(Option),
}
pub async fn push_profile(
supports_flakes: bool,
check_sigs: bool,
repo: &str,
deploy_data: &super::DeployData<'_>,
deploy_defs: &super::DeployDefs<'_>,
keep_result: bool,
result_path: Option<&str>,
) -> Result<(), PushProfileError> {
info!(
"Building profile `{}` for node `{}`",
deploy_data.profile_name, deploy_data.node_name
);
let mut build_c = if supports_flakes {
Command::new("nix")
} else {
Command::new("nix-build")
};
let mut build_command = if supports_flakes {
build_c.arg("build").arg("--no-link").arg(format!(
"{}#deploy.nodes.{}.profiles.{}.path",
repo, deploy_data.node_name, deploy_data.profile_name
))
} else {
build_c
.arg(&repo)
.arg("--no-out-link")
.arg("-A")
.arg(format!(
"deploy.nodes.{}.profiles.{}.path",
deploy_data.node_name, deploy_data.profile_name
))
};
build_command = match (keep_result, supports_flakes) {
(true, _) => {
let result_path = result_path.unwrap_or("./.deploy-gc");
build_command.arg("--out-link").arg(format!(
"{}/{}/{}",
result_path, deploy_data.node_name, deploy_data.profile_name
))
}
(false, false) => build_command.arg("--no-out-link"),
(false, true) => build_command.arg("--no-link"),
};
let build_exit_status = build_command
.stdout(Stdio::null())
.status()
.await
.map_err(PushProfileError::BuildError)?;
match build_exit_status.code() {
Some(0) => (),
a => return Err(PushProfileError::BuildExitError(a)),
};
if let Ok(local_key) = std::env::var("LOCAL_KEY") {
info!(
"Signing key present! Signing profile `{}` for node `{}`",
deploy_data.profile_name, deploy_data.node_name
);
let sign_exit_status = Command::new("nix")
.arg("sign-paths")
.arg("-r")
.arg("-k")
.arg(local_key)
.arg(&deploy_data.profile.profile_settings.path)
.arg(&super::deploy_path_to_activate_path_str(
&deploy_defs.current_exe,
)?)
.stdout(Stdio::null())
.stderr(Stdio::null())
.status()
.await
.map_err(PushProfileError::SignError)?;
match sign_exit_status.code() {
Some(0) => (),
a => return Err(PushProfileError::SignExitError(a)),
};
}
debug!(
"Copying profile `{}` to node `{}`",
deploy_data.profile_name, deploy_data.node_name
);
let mut copy_command_ = Command::new("nix");
let mut copy_command = copy_command_.arg("copy");
if let Some(true) = deploy_data.merged_settings.fast_connection {
copy_command = copy_command.arg("--substitute-on-destination");
}
if !check_sigs {
copy_command = copy_command.arg("--no-check-sigs");
}
let ssh_opts_str = deploy_data
.merged_settings
.ssh_opts
// This should provide some extra safety, but it also breaks for some reason, oh well
// .iter()
// .map(|x| format!("'{}'", x))
// .collect::>()
.join(" ");
let hostname = match deploy_data.cmd_overrides.hostname {
Some(ref x) => x,
None => &deploy_data.node.node_settings.hostname,
};
let copy_exit_status = copy_command
.arg("--to")
.arg(format!("ssh://{}@{}", deploy_defs.ssh_user, hostname))
.arg(&deploy_data.profile.profile_settings.path)
.arg(&super::deploy_path_to_activate_path_str(
&deploy_defs.current_exe,
)?)
.env("NIX_SSHOPTS", ssh_opts_str)
.status()
.await
.map_err(PushProfileError::CopyError)?;
match copy_exit_status.code() {
Some(0) => (),
a => return Err(PushProfileError::CopyExitError(a)),
};
Ok(())
}