diff --git a/.pi/skills/update-package-hashes/SKILL.md b/.pi/skills/update-package-hashes/SKILL.md new file mode 100644 index 0000000..c242204 --- /dev/null +++ b/.pi/skills/update-package-hashes/SKILL.md @@ -0,0 +1,51 @@ +--- +name: update-package-hashes +description: Update a package in packages/ to a new version and refresh its hashes (src, vendorHash, npmDepsHash, cargoHash, etc.) WITHOUT compiling the package. Use when the user asks to bump, update, or upgrade a specific package under packages/. Requires package name and target version/rev. +--- + +# Update Package Hashes (Without Building) + +Require the user to supply the **package name** and **target version/rev/tag**. Ask if missing. + +## Hard Rule + +**Never run `nix build .#`** — it compiles. Only realise FOD sub-attributes (`.src`, `.goModules`, `.npmDeps`, `.cargoDeps`) which are pure downloads. + +## Flow + +1. Edit `packages//default.nix` — bump `version` / `rev` / `tag`. Check for sibling `.nix` files (e.g. `ui.nix`). + +2. **`src` hash** — use `nurl` (downloads source only, prints the fetcher expression): + + ```bash + nix run nixpkgs#nurl -- https://github.com// + ``` + + Paste the new `hash = "sha256-..."` into the `src` block. + +3. **Dependency hashes** (`vendorHash`, `npmDepsHash`, `cargoHash`, `cargoLock.outputHashes.`) — after the version bump the old hash is already wrong, so just trigger the mismatch: + + ```bash + nix build .#.goModules --no-link 2>&1 | tee /tmp/hash.log # or .npmDeps / .cargoDeps + grep -E '^[[:space:]]*got:' /tmp/hash.log | tail -1 | awk '{print $2}' + ``` + + Paste into the matching attribute. + +4. **Custom fetchers** (`leaveDotGit`, `postFetch`, `fetchSubmodules`) — `nurl` will be wrong. Use the same mismatch trick on `.src`: + + ```bash + nix build .#.src --no-link 2>&1 | tee /tmp/hash.log + ``` + + Applies to `llama-cpp` and `llama-swap`. + +5. **Opaque `outputHash` FODs** (e.g. opencode `node_modules` runs `bun install`) — do NOT attempt locally. Leave as-is and flag for CI in the summary. + +6. Show `git diff -- packages//` and list any hashes left for CI. + +## Notes + +- Don't touch hashes whose inputs didn't change (e.g. `slack-cli`'s pinned `python-snappy`/`zstd-python`). +- Resolve a tag → rev without cloning: `git ls-remote refs/tags/`. +- `nix-update --flake --version ` can sometimes do all of this; try it first for simple packages.