update: 2023.6.2 -> 2023.8.1

* patched the package-lock for /web slightly to avoid what's likely a bug in napalm, causing the request for wrap-ansi@7.0.0 to be answered with a a 500 response. This seems to be the case because a name override is used for this module in the lock-file. While that is also the case for some other modules like string-width@4.2.3, they have a matching module with the name used in the override at the same version. Only wrap-ansi's version differs here, which causes the issue.
2023-08-30 16:37:06 +02:00 · 2023-08-30 16:37:06 +02:00 · ae8ff44762
commit ae8ff44762
parent d464790711
4 changed files with 48 additions and 6759 deletions
--- a/flake.lock
+++ b/flake.lock
@ -3,16 +3,16 @@
    "authentik-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1693328978,
-        "narHash": "sha256-gJqExOCNq94DMfOOkUTFlur+USXUIYdi/TwENgXkPKo=",
+        "lastModified": 1693348305,
+        "narHash": "sha256-B+8sgcVSQ37VenuhOj5IV0WQPRJco5gh/jAA/F2sKQk=",
        "owner": "goauthentik",
        "repo": "authentik",
-        "rev": "aba857753bcf785a2023d3ac80f9a6f7f15979fe",
+        "rev": "be3cfaee560a7d6fac157d61ae7186a92a279c9c",
        "type": "github"
      },
      "original": {
        "owner": "goauthentik",
-        "ref": "version/2023.6.2",
+        "ref": "version/2023.8.1",
        "repo": "authentik",
        "type": "github"
      }
--- a/flake.nix
+++ b/flake.nix
@ -20,7 +20,7 @@
      };
    };
    authentik-src = { # change version string in outputs as well when updating
-      url = "github:goauthentik/authentik/version/2023.6.2";
+      url = "github:goauthentik/authentik/version/2023.8.1";
      flake = false;
    };
  };
@ -39,7 +39,7 @@
    { inherit inputs; }
    ({ inputs, lib, withSystem, ... }:
    let
-      authentik-version = "2023.6.2"; # to pass to the drvs of some components
+      authentik-version = "2023.8.1"; # to pass to the drvs of some components
    in {
      systems = [
        "x86_64-linux"
@ -77,12 +77,27 @@
          frontend = napalm.legacyPackages.${system}.buildPackage "${authentik-src}/web" {
            version = authentik-version; # 0.0.0 specified upstream in package.json
            packageLock = let
-              # https://github.com/goauthentik/authentik/issues/6180
+              fix-napalm-registry-500-response = pkgs.writeText "lockfile.patch" ''
+                diff --git a/web/package-lock.json b/web/package-lock.json
+                index 028accd89..6c3590120 100644
+                --- a/web/package-lock.json
+                +++ b/web/package-lock.json
+                @@ -22959,8 +22959,7 @@
+                                 "url": "https://github.com/chalk/wrap-ansi?sponsor=1"
+                             }
+                         },
+                -        "node_modules/wrap-ansi-cjs": {
+                -            "name": "wrap-ansi",
+                +        "node_modules/wrap-ansi-cjs/node_modules/wrap-ansi": {
+                             "version": "7.0.0",
+                             "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz",
+                             "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==",
+              '';
              srcWithFullyResolvedLockfile = pkgs.applyPatches {
                name = "authentik-src-with-patched-package-lock";
                src = authentik-src;
                patches = [
-                  ./web-package-lock.json.patch
+                  fix-napalm-registry-500-response
                ];
              };
            in "${srcWithFullyResolvedLockfile}/web/package-lock.json";
@ -120,6 +135,7 @@
              filter = (path: _:
                (builtins.any (x: x) (
                  (map (infix: pkgs.lib.hasInfix infix path) [
+                    "/authentik"
                    "/cmd"
                    "/internal"
                  ])
@ -141,7 +157,7 @@
              "cmd/proxy"
              "cmd/radius"
            ];
-            vendorSha256 = "sha256-HYj5m4yFqqaxUY3YpLePzjdXnQlTIgk9h9glVeuCoLI=";
+            vendorSha256 = "sha256-womCCrXBoG3xhiqe0NnqNVuf+ecIPHVaCRbzNcsHs4o=";
            nativeBuildInputs = [ pkgs.makeWrapper ];
            postInstall = ''
              wrapProgram $out/bin/server --prefix PATH : ${pythonEnv}/bin
--- a/poetry2nix-python-overrides.nix
+++ b/poetry2nix-python-overrides.nix
@ -50,6 +50,29 @@ pkgs:
          final.setuptools-scm
        ];
      });
+      psycopg-c = prev.psycopg-c.overrideAttrs (oA: {
+        nativeBuildInputs = oA.nativeBuildInputs ++ [
+          final.setuptools
+          final.tomli
+          final.cython_3
+          pkgs.postgresql
+        ];
+      });
+      psycopg = prev.psycopg.overrideAttrs (oA: {
+        propagatedBuildInputs = oA.propagatedBuildInputs ++ [
+          final.psycopg-c
+        ];
+        pythonImportsCheck = [
+          "psycopg"
+          "psycopg_c"
+        ];
+      });
+      twisted = prev.twisted.overrideAttrs (oA: {
+        buildInputs = [
+          final.hatchling
+          final.hatch-fancy-pypi-readme
+        ];
+      });
    }
  )
 ]
--- a/web-package-lock.json.patch
+++ b/web-package-lock.json.patch